On Fri, 26 Dec 2008 09:14:11 +0100
Sake Blok <sake@xxxxxxxxxx> wrote:
> If I understand you correctly, the following are the case:
> - You have no influence on the ciphers that the client uses
> - You have no influence on the ciphers that the server accepts
> - If you limit the accepted cipher list on the MITM program to non-DH
> ciphers, communication with the client fails (i.e. the client does not
> present non-DH ciphers in the "client hello").
> - If you limit the offered ciphers in the "client hello" from the MITM
> program to the server to non-DH ciphers, the server won't set up the
> SSL session
>
Precisely.
> In that case, you cannot trick Wireshark into decrypting the SSL
> session. But if you came this far by writing a MITM program, you might
> also be able to alter the SSL dissector in Wireshark to accept Master
> Secrets. Have a look at the following files in the source tree:
>
> epan/dissectors/packet-ssl.h
> epan/dissectors/packet-ssl.c
> epan/dissectors/packet-ssl-utils.h
> epan/dissectors/packet-ssl-utils.c
>
> I know there is more demand for decryption of SSL sessions that use a
> DH-cipher, there are just not that many situations where one can
> extract the (pre) master secret to be able to do so. So if you
> succeed in writing the code yourself, please attach the patch to
> bugzilla so that it can be reviewed for inclusion in Wireshark.
>
> And if you are not able to write the code yourself, then you could
> file an enhancement request as mentioned earlier. But it is not said
> if and when it will be picked up by anyone.
>
I will definitely look into coding that. Thank you. :)
--
Alex
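
Why a master secret alone would be enough for the dissector, even with a DH cipher: the following added example (not Wireshark code and not from this thread) runs the TLS 1.2 key expansion of RFC 5246 over a master secret and the two hello randoms, which travel in cleartext in the capture. The TLS version, the cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA and all sample values are assumptions constructed for the example; older protocol versions use a different PRF over the same three inputs.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: chain HMACs over A(i) until enough output exists."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

# Key material sizes for the assumed suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA.
# Under TLS 1.2 a CBC suite takes no IVs from the key block (IVs are per record).
MAC_KEY_LEN, ENC_KEY_LEN = 20, 16
LAYOUT = [("client_write_MAC_key", MAC_KEY_LEN), ("server_write_MAC_key", MAC_KEY_LEN),
          ("client_write_key", ENC_KEY_LEN), ("server_write_key", ENC_KEY_LEN)]

def derive_session_keys(master_secret: bytes, client_random: bytes,
                        server_random: bytes) -> dict:
    """Split the key block into the per-direction MAC and cipher keys."""
    if len(master_secret) != 48:
        raise ValueError("master secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms must be 32 bytes each")
    # Key expansion seeds with server_random first, then client_random.
    block = prf(master_secret, b"key expansion", server_random + client_random,
                sum(n for _, n in LAYOUT))
    keys, offset = {}, 0
    for name, n in LAYOUT:
        keys[name] = block[offset:offset + n]
        offset += n
    return keys

# Constructed sample values, not taken from any real session.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_CLIENT_RANDOM = bytes([0xC1]) * 32
SAMPLE_SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    keys = derive_session_keys(SAMPLE_MASTER_SECRET, SAMPLE_CLIENT_RANDOM,
                               SAMPLE_SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:22s} {value.hex()}")
```

Nothing in the derivation depends on how the premaster secret was agreed, which is why the key exchange method stops mattering once the master secret is known.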