Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: question about bug 3303

From: kolos_ws () ural2 hu
Date: Tue, 7 Sep 2010 12:01:31 +0200 (CEST)
Hi Sake,


This is what I see in my capture that makes me think this might be the
same issue:

[..]
216 <timestamp> <srcip> <dstip> TCP   [TCP segment of a reassembled PDU]
217 <timestamp> <srcip> <dstip> TLSv1 Server Hello, Certificate, Server Key Exchange, Server Hello Done
[..]


I kind of missed the " Certificate, Server Key Exchange" before. But 
this means it is a totally different issue. This means the keying 
material is not created by the client and sent to the server encrypted 
with it's public key. Instead of that the DH algorithm is used to 
negotiate keying material. Wireshark is not able to decrypt sessions 
that used DH to negotiate keys.

You can see this by looking at the chosen cipher in the ServerHello 
message. It should have DH in the ciphername.

You can circumvent this by restricting the allowed ciphers on either the 
client or the server.


Indeed, you were right. Thank you!

Just out of interest, will Wireshark support the decryption of sessions 
that used DH to negotiate keys?

Thanks,

Kolos
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: