https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3977
Summary: Wireshark SSL dissector does not support DHE; suggesting
more descriptive error message
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: parasietje@xxxxxxxxx
Build Information:
wireshark 1.2.1
Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.4.2, with Gcrypt 1.4.1,
without
Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.28-15-generic, with libpcap version 1.0.0, GnuTLS 2.4.2,
Gcrypt 1.4.1.
Built using gcc 4.3.3.
--
Wireshark's SSL dissector does not support DHE key exchange. The SSL debug log
will print the following:
==> ssl_decrypt_pre_master_secret key 17 different from KEX_RSA(16)
This is a confusing error message. To know what 'key 17' is, the user has to
look at the .h-file for the ssl dissector. Therefore, I propose the following
change:
==> ssl_decrypt_pre_master_secret session uses DHE(17) key exchange, which is
impossible to decrypt
This change can be easily made in <a
href="http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-ssl-utils.c">dissectors/packet-ssl-utils.c</a>
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.