Wireshark-dev: Re: [Wireshark-dev] SSL + DTLS

From: "authesserre samuel" <sauthess@xxxxxxxxx>
Date: Thu, 29 Jun 2006 14:03:05 +0200
ok,

so we will make a parallel dev on dtls and ssl ;)

I have no time this week. I'll start to correct preferences and other
stuff in dtls dissector from Monday.
I'll inform you ....

regards,

Samuel

PS: what are the things that are missing in ssl dissector (I have
stopped dev because I thought that all was done....) thanks for your
answer....

On 6/29/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
ah, a misunderstanding.

ok. so the dtls stuff does not require linking with openssl then
there won't be any problem at all.

thanks for clarifying.



please also see wiki.wireshark.org/SSL
i just checked in a change to the preference syntax that is not
backward compatible for ssl decryption.

i think it makes it better. please mimic these changes in dtls
dissector (i have little interest in dtls personally now but great
interest in ssl decryption)


i will do more changes and refactoring to ssl decryption over time.





On 6/29/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> hi,
>
>
> I was talking about modifying directly the openssl implementation, allowing
> me to make tests on the dtls dissector implementation.
> In ethereal I can use (it's the fact actually) gnutls because the only
> useful functions to realize the dissector are the cryptographic ones, not
> the send or receive ones (based on tcp). That's why I choose to continue
> with modifying dtls dissector in the same scheme as the ssl one and
> modifying openssl dtls implementation to have a complete dtls
> implementation (and dissection with wireshark ;) )
> so I can make a mistake but the dtls dissector can be added on win32
> version (like ssl?), the fact is dtls and ssl dissectors use the same
> functions in packet-ssl-utils.h so I think there is no problem (dtls
> dissector doesn't use openssl at all).
> tell me if I am right
>
> regards,
>
> samuel
>
>
> On 6/29/06, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > it would just mean that dtls decryption would not work out of the box
> > for win32 users since we can not ship win32 versions of ethereal
> > linked with openssl.
> >
> > no drama. if there is enough interest in the feature someone will
> > implement the required gnutls magic if you don't have time. if not
> > it just means there is no interest.
> >
> >
> > i have associates that need the ssl decryption feature now so don't
> > worry about ssl. i'll do the updates required to ssl.
> > (beware preference breaking update/change estimated to go in in 10 minutes)
> >
> > please try to follow the ssl changes i do to svn for your dtls code.
> >
> >
> >
> >
> >
> >
> > On 6/29/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
> > > hi,
> > >
> > > it isn't compatible at all (bsd licence), and i have already posted on
> > > gnutls mailing list to propose a dtls implementation.
> > > in a first time i think it could be a good idea to have an
> > > implementation that works correctly and in a second time another to
> > > test interoperability
> > > I have only one month to dedicate to the project, i don't think that i
> > > could make a gnutls implementation in this time....(i will do all i can
> > > because i would like a gpl'ed implementation)
> > > gnutls has the advantage that it implements TLS 1.1 but on the other side
> > > it has to change a lot of things for UDP adaptation
> > >
> > > I will try to finish openssl implem and in a second time i will look
> > > at gnutls (if you are ready to help me  ;) )
> > >
> > > regards,
> > >
> > > samuel
> > >
> > > On 6/28/06, Joerg Mayer <jmayer@xxxxxxxxx> wrote:
> > > > On Wed, Jun 28, 2006 at 11:31:28AM +0200, authesserre samuel wrote:
> > > > > but dtls works on openssl version 0.9.b which contains many errors (I
> > > > > have listed them on openssl-dev mailing list and corrected 2 of them)
> > > > > but at the current time i haven't time to finish implementation of dtls
> > > > > (i'll try to correct it during july and dtls dissector in the same
> > > > > time)
> > > >
> > > > Would it be feasible to use another lib than openssl (gnutls + gcrypt)
> > > > instead? I'm still not really convinced that the way we provide openssl
> > > > is really compatible with gpl (and especially distros enabling it).
> > > >
> > > >  Ciao
> > > >       Joerg
> > > > --
> > > > Joerg Mayer <jmayer@xxxxxxxxx>
> > > > We are stuck with technology when what we really want is just stuff that
> > > > works. Some say that should read Microsoft instead of technology.
> > > > _______________________________________________
> > > > Wireshark-dev mailing list
> > > > Wireshark-dev@xxxxxxxxxxxxx
> > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > > >
> > >
> > >
> > > --
> > > Authesserre Samuel
> > > 12 rue de la défense passive
> > > 14000 CAEN
> > > FRANCE
> > > 06-27-28-13-32
> > > sauthess@xxxxxxxxx
> > >
> >
>
>


