Wireshark-users: Re: [Wireshark-users] "Encrypted Alert" on ssl capture.

From: John Nickell <jcnickell@xxxxxxxxx>
Date: Sat, 27 Sep 2008 06:50:52 -0500
This webpage helped me Get to where I could see the Encrypted Alerts in my SSL traffic. http://www.novell.com/coolsolutions/appnote/19321.html

If you get to the Protocols --> SSL section and can't see the two required textboxes, you'll need to compile Wireshark with gnutls. If you're on a Mac, I'd suggest getting macports and getting the required packages (gtk2, gnutls). Download the source code from the website. Once you've got gtk2, and gnutls installed, run the ./configure command with the --with-gnutls option, then "make", and then "sudo make install". The next time you run wireshark, the SSL section of protocols should have the boxes mentioned in the weblink I referenced. I just went through this on a fresh install of Leopard so it should work for you too. As far as getting this on Windows or Linux, I'm not sure if it's necessary as both of my installs on those OS's have already had the added features for SSL.
fess wrote:
Hi, we have these failing SSL connections we were trying to debug, the ones that fail have an
"Encrypted Alert"  in them.

Am I correct in assuming that this is an alert in the SSL protocol who's value I can't see because it's encrypted?

Should I expect to be able to decrypt it with wireshark if I have the keys setup properly? I am able to decrypt the ssl stream of the successful connections, but they don't have any "Encrypted Alerts" so I don't know
what to expect there.

Thanks in advance for your help.

--fess



_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users