Hey Sake,
I'm using Chrome-4.0.249.43, Firefox-3.5.7 and Android emulator API level 1.6 all running on Ubuntu-9.10 and I didn't find a way to change/restrict the list of ciphers... Is it possible on these clients?
Thanks again!
Thiago Moreira
On Wed, Jan 20, 2010 at 2:06 PM, Sake Blok
<sake@xxxxxxxxxx> wrote:
On Tue, Jan 19, 2010 at 02:33:23PM -0200, Thiago Moreira (timba) wrote:
> I don't see anything else, I'm a beginner in SSL matters... Attached I
> sent my SSL debug file... I appreciate if some one would be able to check
> if there is something wrong on it.
The problem is that you are using a DH cipher:
dissect_ssl3_hnd_srv_hello found CIPHER 0x0033 -> state 0x17
(cipher 0x33 = TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
It is not possible to decrypt SSL sessions that use a DH cipher based
on network traffic and private key. You could restrict the cipher-list on
the client to make sure a cipher is chosen that makes it possible to decrypt.
Cheers,
Sake