Wireshark-users: Re: [Wireshark-users] "Encrypted Alert" on ssl capture.

From: fess <fess@xxxxxxxx>
Date: Thu, 2 Oct 2008 09:59:20 -0700

Hey,
thanks for your feedback, as I mentioned I do have the SSL section in the config, and I do have it configured, I have been able to decrypt my working SSL connections that do not have the "encrypted alert"

As to the ones that have the "encrypted alert" I don't know what to expect as there is never any encrypted payload to inspect.

From what you're saying it does sound like when you have decryption working the "encrypted alerts" also decrypt, so perhaps whatever the problem is that isn't allowing the connection to get setup, is also preventing me from decrypting the alert?

hmm.  I think I'm stuck.

--fess


On Sep 27, 2008, at 4:50 AM, John Nickell wrote:

This webpage helped me Get to where I could see the Encrypted Alerts in
my SSL traffic.
http://www.novell.com/coolsolutions/appnote/19321.html

If you get to the Protocols -->  SSL section and can't see the two
required textboxes, you'll need to compile Wireshark with gnutls.  If
you're on a Mac, I'd suggest getting macports and getting the required
packages (gtk2, gnutls). Download the source code from the website.
Once you've got gtk2, and gnutls installed, run the ./configure command
with the --with-gnutls option, then "make", and then "sudo make
install". The next time you run wireshark, the SSL section of protocols
should have the boxes mentioned in the weblink I referenced.  I just
went through this on a fresh install of Leopard so it should work for
you too.

As far as getting this on Windows or Linux, I'm not sure if it's
necessary as both of my installs on those OS's have already had the
added features for SSL.

fess wrote:
Hi,  we have these failing SSL connections we were trying to debug,
the ones that fail have an
"Encrypted Alert"  in them.

Am I correct in assuming that this is an alert in the SSL protocol
who's value I can't see because it's encrypted?

Should I expect to be able to decrypt it with wireshark if I have the
keys setup properly?  I am able to decrypt
the ssl stream of the successful connections, but they don't have any
"Encrypted Alerts" so I don't know
what to expect there.

Thanks in advance for your help.

--fess



_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users

--fess