I can restrict the server to certain suites, but other than trial and error, is there a way I can tell which are supported in my 1.0.2 installation? I assume the code you pointed to is the current development version. Can I see the 1.0.2 version?

Thanks for your help.
 
 
  --- On Mon, 8/18/08, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Decoding SSL - what cipher suites are supported?
To: ixxusnexxus@xxxxxxxxx, "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Monday, August 18, 2008, 10:39 PM
 
 Hi,
That one was only recently added to the development version of wireshark.

    {51,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},

You can find an overview of what Wireshark knows in http://anonsvn.wireshark.org/wireshark/trunk-1.0/epan/dissectors/packet-ssl-utils.c

Thanx,
Jaap
 
ixxus nexxus wrote:
> I am trying to decode some ssl traffic. I have set the private key in
> wireshark but I am still not able to decrypt and view the data. I see
> this error in the log:
>
> dissect_ssl3_hnd_srv_hello can't find cipher suite 0x33
>
> If this one is not supported, where can I get a list of supported
> suites? I am using 1.0.2 on windows.
>
> Thank you for your help.
>
> Here are the details of the log:
>
> ssl_init keys string:
> xxx.xxx.xxx.xxx,http,P:\temp\key.pem
> ssl_init found host entry xxx.xxx.xxx.xxx,443,http,P:\temp\key.pem
> ssl_init addr 'xxx.xxx.xxx.xxx' port '443' filename 'P:\temp\key.pem'
> password(only for p12 file) '(null)'
> ssl_init private key file P:\temp\key.pem successfully loaded
> association_add TCP port 443 protocol http handle 02F5E458
> association_find: TCP port 993 found 03D6A070
> ssl_association_remove removing TCP 993 - imap handle 02E58B00
> association_add TCP port 993 protocol imap handle 02E58B00
> association_find: TCP port 995 found 03D6A0B0
> ssl_association_remove removing TCP 995 - pop handle 03AB16F8
> association_add TCP port 995 protocol pop handle 03AB16F8
>
> dissect_ssl enter frame #6 (first time)
> ssl_session_init: initializing ptr 050B1E70 size 564
> association_find: TCP port 3910 found 00000000
> packet_from_server: is from server - FALSE
> dissect_ssl server xxx.xxx.xxx.xxx:443
>   conversation = 050B1C98, ssl_session = 050B1E70
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 138 ssl, state 0x00
> association_find: TCP port 3910 found 00000000
> packet_from_server: is from server - FALSE
> decrypt_ssl3_record: using client decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 1 offset 5 length 134 bytes,
> remaining 143
> dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
>
> dissect_ssl enter frame #8 (first time)
>   conversation = 050B1C98, ssl_session = 050B1E70
> dissect_ssl3_record found version 0x0301 -> state 0x11
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 1113 ssl, state 0x11
> association_find: TCP port 443 found 03F5B3D0
> packet_from_server: is from server - TRUE
> decrypt_ssl3_record: using server decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes,
> remaining 1118
> dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
> dissect_ssl3_hnd_srv_hello can't find cipher suite 0x33
> dissect_ssl3_handshake iteration 0 type 11 offset 79 length 603 bytes,
> remaining 1118
> dissect_ssl3_handshake iteration 0 type 12 offset 686 length 424 bytes,
> remaining 1118
> dissect_ssl3_handshake iteration 0 type 14 offset 1114 length 0 bytes,
> remaining 1118
>
> dissect_ssl enter frame #10 (first time)
>   conversation = 050B1C98, ssl_session = 050B1E70
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 102 ssl, state 0x13
> association_find: TCP port 3910 found 00000000
> packet_from_server: is from server - FALSE
> decrypt_ssl3_record: using client decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 16 offset 5 length 98 bytes,
> remaining 107
> dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x13
> dissect_ssl3_handshake not enough data to generate key (required 0x17)
> dissect_ssl3_record: content_type 20
> dissect_ssl3_change_cipher_spec
> association_find: TCP port 3910 found 00000000
> packet_from_server: is from server - FALSE
> ssl_change_cipher CLIENT
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 48 ssl, state 0x13
> association_find: TCP port 3910 found 00000000
> packet_from_server: is from server - FALSE
> decrypt_ssl3_record: using client decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 94 offset 118 length 7042118
> bytes, remaining 166
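Added example, not part of the original thread or of Wireshark's code: one way to avoid trial and error is to parse the cipher suite table entries out of the packet-ssl-utils.c that matches the installed version and compare them with the "can't find cipher suite" lines in the SSL debug log. The field order is inferred from the single entry quoted in the thread; the function names and the two extra table entries are assumptions made up for this example.

```python
import re

# Entry layout inferred from the one entry quoted in the thread (field names
# are this example's assumption): {number, KEX_*, SIG_*, ENC_*, ..., DIG_*, ..., mode}
ENTRY_RE = re.compile(
    r"\{\s*(0x[0-9a-fA-F]+|\d+)\s*,\s*(KEX_\w+)\s*,\s*(SIG_\w+)\s*,\s*(ENC_\w+)\s*,"
    r"[^{}]*?(DIG_\w+)[^{}]*?(SSL_CIPHER_MODE_\w+)\s*\}")
MISSING_RE = re.compile(r"can't find cipher suite (0x[0-9a-fA-F]+)")

def parse_suite_table(c_source):
    """Map suite number -> (kex, sig, enc, digest, mode) for every table entry."""
    suites = {}
    for m in ENTRY_RE.finditer(c_source):
        num = m.group(1)
        number = int(num, 16) if num.lower().startswith("0x") else int(num, 10)
        suites[number] = m.groups()[1:]
    return suites

def missing_suites(debug_log):
    """Suite numbers the dissector reported as unknown, deduplicated and sorted."""
    return sorted({int(m.group(1), 16) for m in MISSING_RE.finditer(debug_log)})

def check_log_against_table(c_source, debug_log):
    """For each suite the log complains about, say whether this table has it."""
    table = parse_suite_table(c_source)
    return [(f"0x{n:02x}", n in table, table.get(n)) for n in missing_suites(debug_log)]

# Constructed excerpts in the same entry format; NOT the contents of any release.
TABLE_WITHOUT_51 = """
    {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5,16,0, SSL_CIPHER_MODE_STREAM},
    {47,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
"""
# Same excerpt plus the entry quoted in the thread, line break included.
TABLE_WITH_51 = TABLE_WITHOUT_51 + """
    {51,KEX_DH,
 SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
"""
# Two lines taken from the debug log in the thread.
SAMPLE_LOG = """dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello can't find cipher suite 0x33
"""

if __name__ == "__main__":
    for name, table in (("without 51", TABLE_WITHOUT_51), ("with 51", TABLE_WITH_51)):
        for suite, known, fields in check_log_against_table(table, SAMPLE_LOG):
            print(name, suite, "known" if known else "not in table", fields)
```

To use it on real data, pass the text of the source file from the branch matching the installed release and the text of the SSL debug file instead of the constructed samples.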