Wireshark-dev: Re: [Wireshark-dev] [PATCH] add SSLKEYLOGFILE capability to allow Wireshark TLS

From: John Sullivan <jsethdev@xxxxxxxxxxxxxx>
Date: Mon, 2 May 2022 17:58:25 +0100
Hmm. This came up for me recently. When front-line support sent me a link
to a pcap file and associated TLS keyfile and asked "what's going on
there?", after a bit of googling I was quite confused as to why I had to
set a global configuration option rather than there being a menu option to
"load the TLS keyfile for this capture" or "decrypt using *these* keys",
and why Wireshark will now continue to load those keys in for every single
other pcap file I look at in the future (until I change it).

(I get why some people would find the direct integration to specific
providers useful, but surely the most obvious access method should come
first?)

On Monday, May 2, 2022, 5:14:25 PM, Jaap Keuter wrote:
> Well, the referenced developments are about additional TLS endpoint
> types (rather than browsers) being able to write to key log files.
> I’ll leave reading of the file into Wireshark to the applicable experts.


>> On 2 May 2022, at 09:32, Dario Lombardo <lomato@xxxxxxxxx> wrote:
>> 
>> There is merge request
>> 
>> https://gitlab.com/wireshark/wireshark/-/merge_requests/1640
>> 
>> that has been closed because of some criticism.  Feel free to revamp the topic.
>> 
>> On Mon, May 2, 2022 at 8:45 AM Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
>> More and more programs are leveraging the SSLKEYLOGFILE for our benefit.
>> 
>>> Begin forwarded message:
>>> 
>>> From: Jouni Malinen <j@xxxxx>
>>> Subject: Re: [PATCH] add SSLKEYLOGFILE capability to allow Wireshark TLS decoding of payloads
>>> Date: 1 May 2022 at 18:04:53 CEST
>>> To: Alexander Clouter <alex+hostapd@xxxxxxxxxxx>
>>> Cc: hostap@xxxxxxxxxxxxxxxxxxx
>>> 
>>> On Thu, Apr 28, 2022 at 11:07:35PM +0100, Alexander Clouter wrote:
>>>> A port of the trivial patch I wrote for FreeRADIUS to allow TLS decoding in Wireshark for hostapd/wpa_supplicant:
>>>> 
>>>> https://github.com/FreeRADIUS/freeradius-server/commit/df0eb0a8849611cb44e0baeadfd3e6fcd20bc7b9
>>> 
>>> Thanks, applied. Though, I moved this to be within the
>>> CONFIG_TESTING_OPTIONS=y build option to avoid accidental exposure of
>>> private keys from production builds.
>>> 
>>> -- 
>>> Jouni Malinen                                            PGP id EFC895FA
>>> 
>>> _______________________________________________
>>> Hostap mailing list
>>> Hostap@xxxxxxxxxxxxxxxxxxx
>>> http://lists.infradead.org/mailman/listinfo/hostap
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>> 
>> 
>> -- 
>> Naima is online.
John
-- 
Dead stars still burn