["Paolo Abeni" <paolo.abeni@xxxxxxxxxxxxxxxx>]

hi list,

The current ssl decryption code does not work for 3des session (the
attached pcap trace and relative private key trigger the issue) 

The attached patch (created by authesserre samuel <sauthess@xxxxxxxxx>)
fix the problem.

best regards, 

Paolo





--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to webmaster@xxxxxxxxxxxxxxxx.

        Thank you

                                        www.telecomitalia.it

--------------------------------------------------------------------

Index: epan/dissectors/packet-ssl-utils.c
===================================================================
--- epan/dissectors/packet-ssl-utils.c	(revision 18003)
+++ epan/dissectors/packet-ssl-utils.c	(working copy)
@@ -337,7 +337,7 @@
 
 static const char *ciphers[]={
      "DES",
-     "DES3",
+     "3DES",
      "ARCFOUR", /* gnutls does not support rc4, but this should be 100% compatible*/
      "RC2",
      "IDEA",
@@ -357,7 +357,7 @@
     {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
     {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1, SSL_CIPHER_MODE_STREAM},
     {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
-    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
+    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
     {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1, SSL_CIPHER_MODE_STREAM},
     {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
     {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
Index: epan/dissectors/packet-ssl.c
===================================================================
--- epan/dissectors/packet-ssl.c	(revision 18003)
+++ epan/dissectors/packet-ssl.c	(working copy)
@@ -1709,7 +1709,7 @@
             ssl_version_short_names[*conv_version],
             val_to_str(content_type, ssl_31_content_type, "unknown"),
             association?association->info:"Application Data");
-     
+    
         /* show decrypted data info, if available */         
         decrypted = p_get_proto_data(pinfo->fd, proto_ssl);
         if (decrypted)
@@ -2030,7 +2030,7 @@
                         break;
                     }
                                 
-                    /* get encrypted data, on tls1 we have to byte to skip
+                    /* get encrypted data, on tls1 we have to skip two bytes
                      * (it's the encrypted len and should be equal to record len - 2) 
                      */
                     if (ssl->version == SSL_VER_TLS)

-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQD0rfuf8z6HxCieJ4flCbVZQAYvhX8/k6eXN7QgoNa/Sll64bkr
MOavi7uhiPa4XmSocL0I/t1lTITtQh8ehmIOckXrEvaOzz+Eq7AR+E4n4saxx1/Z
vTvOOACf6n+2zBm+UVy4xHIQRfwDwziboPTztwKF1m3pilGBFf05VxX9NwIDAQAB
AoGBAJKEDIU/V1ZdNCVgbpPMOHf1Sr7yJbygYl6+0HIpXe62Sta2i/c9FSZRek3E
gljszUHAILJeS5z5MTARxCi3N8dbCOUVJyuLPe86zGR7peBa/PMZW1+N8tTMgJGE
kZm3Bv16el137hUO62JmXfylUq8H46qLixUTgP9CT8UE79OBAkEA/gUtj1HO/fUV
DkAGSY/dWIdpYxw7utlcyqbdVMV+zFa8z5dS0a9d9dL2fj7nkPEU4f1mBSiJGhpT
mcT4dUkA8QJBAPaWKyTzJ5mz43AQazxIiGALyZBYbwHE0ozcvA3dt3XGyT2QiKnO
lqyG+oXrM7b9WEdrwkdU+fQhCFvy5vXcYKcCQQCYpNfp5ckzBpFujL66eb8TMdv8
eLzT3UZLaNZb2IoHlJ/FRzO3WWBnFiyVVIump5ha7QDfXKp2ixdtsdVz9TihAkEA
45+RqiUvTAorjBoL83T9NrQK181ag2Z9+fwVODOQFA9xWvxdu2px2kcrYY3Rijzp
TdyiVZiSt5H6lm5uV0ychwJBAIvWbxppcxRMX/BkTP1NcCcdG/wKVGFIMCL3J2Cq
1UIWOy9FhbpeaHLJ3E01KFqXIMTG+EKW0eJCkQT9XdSNaX8=
-----END RSA PRIVATE KEY-----

Attachment: 3des.pcap
Description: Binary data