Wireshark-dev: Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Fri, 15 Apr 2016 10:05:01 +0100


On 15 April 2016 at 02:24, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
[Resending with the list in Cc:; I'm not sure why gmail's web interface decided to drop the list when I hit reply.]

On Thu, Apr 14, 2016 at 3:48 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:


On Thu, Apr 14, 2016 at 3:07 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:

>Your best path forward would likely be to just modify the SSL dissector's C code; ideally you could then push that code to Wireshark so future versions will dissect the extension too.

Sure.  Happy to do that (once it all works!) but I was having trouble finding where that SSL dissector's C code actually was.  It looks like it may be invoking gnutls libraries?  Thanks for your help.



I think the TLS client extension stuff is in packet-ssl-utils.c, in function ssl_dissect_hnd_hello_ext().



--
Graham Bloice