IETF QUIC TLS decryption error after the second key update
When an IETF QUIC connection performs a TLS key update, Wireshark stops decrypting any further packets. I believe this issue is separate from #16916 (closed), as no change in connection ID is necessary here.
Steps to reproduce
I used the interop runner and ran the
keyupdate between quic-go and picoquic (many other combintations also reproduce the bug).
What is the current bug behavior?
Wireshark correctly handles the first key update during a connection, but fails to correctly decrypt packets after the second key update. Interestingly, not only does decryption fail, but the values decoded from the header are incorrect as well (even though the header protection key doesn't change during key updates).
What is the expected correct behavior?
The entire trace should be decryptable.
Sample capture file
Relevant logs and/or screenshots
In the sample capture, looks at packet 393. This is the first packet sent after the second key update.