Yes, it has been tested.
I use Linux and I just verified it again using the example and the
instructions on http://wiki.wireshark.org/SSL
and once I set the preference properly and I restart Wireshark it does
decrypt the example capture just fine.
On 10/31/06, Vijay Sitaram <vjatfugen@xxxxxxxxx> wrote:
Hi All,
Can someone authoritatively answer this question:
Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection
on Linux?
I have posted related questions several times but have not received
any complete responses. Recently I came across Bug ID 1119 (SSL dissector
not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)). If this
is true then perhaps my efforts are futile?
I would be happy to debug this issue further if someone can point me in
the right direction. Here is some relevant information from a log file when
I try to decrypt the sample:
...
ssl_init keys string
127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init found host entry
127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init addr 127.0.0.1 port 443 filename
/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_get_version: 1.0.20
ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
successfully loaded
...
association_find: port 38713 found (nil)
packet_from_server: is from server 0
dissect_ssl server 127.0.0.1:443
client random len: 16 padded to 32
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl state 11
decrypt_ssl3_record: no session key
...
ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
...
Thanks for your response. Kind regards,
Vijay