Hi Sake.
On 2015-04-28 13:04 , Sake Blok wrote:
> You can make sure decryption works in three ways:
>
> - Limit the cipher suites on the client, so that it only advertises
> non-DH ciphersuites
No chance for that. The client (SUPL agent) is preembedded on millions
of terminals already in the market.
> - Limit the cipher suites on the server, so that it only chooses
> non-DH ciphersuites (from the ciphersuites advertised by the client)
Technically I could do that I suppose, but I'm not sure about the
implications.
> - Make the client or the server log the PreMaster data and point
> Wireshark to the key log file in the "(Pre-)MasterSecret logfile" SSL
> protocol preference.
As mentioned earlier the only place where I could practically do it is
on the SUPL server. I guess I need to find out from the vendor whether
it's possible.
> Hope this helps,
Yes, it helped very much. Sometimes you don't see the obvious. Thanks a
bunch!
Kind regards,
Ralf