TLS Callbacks (2012) - Hacker News

Posted by pncnmnp 10/27/2024

TLS Callbacks (2012)(legend.octopuslabs.io)

23 points | 11 comments

landr0id 10/28/2024|

I recently wrote my own PE loader and found handling TLS data the most annoying aspect of the process: https://landaire.net/reflective-pe-loader-for-xbox/

skissane 10/28/2024||

> Note: Very few targets will ever have a TLS section specified unless they are using it as an anti-debug mechanism as most program never use TLS.

Most programs don't use thread-local storage? Very many do, although it depends on what kinds of programs you are looking at.

landr0id 10/28/2024|

Things have certainly changed since 2012. Every Rust program uses TLS -- at least on Windows. Not sure about other platforms.

billpg 10/28/2024|

Anyone else getting this?

The connection for this site is not secure legend.octopuslabs.io uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

billpg 10/28/2024||

In case anyone needs it: https://web.archive.org/web/20240306134340/https://legend.oc... (The most recent snapshots look like a bad redirect.)

evujumenuk 10/28/2024||

Ironic. A blog post on TLS has TLS issues.

junon 10/28/2024||

Different kind of TLS.

evujumenuk 10/28/2024||

Yeah… I gotta work on my comedic delivery.

skissane 10/28/2024|||

When I saw the title about "TLS Callbacks", I immediately knew what kind of TLS the article was talking about. But then when I saw the comment on ERR_SSL_VERSION_OR_CIPHER_MISMATCH – at the time there weren't many others – and I started to doubt myself – has TLS the network protocol added some new feature called "callbacks" that I'm unfamiliar with?

junon 10/30/2024||

Some libraries use callbacks for e.g. host certificate verification so the consuming application can manage its own whitelists.

junon 10/30/2024|||

I figured but erred on the side of "maybe not a joke" :D