Wireshark-users: [Wireshark-users] wireshark too strict in ESP deciphering or something else goes

From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Tue, 27 May 2025 15:40:25 +0200
Hello mailing list,

I set up ESP deciphering/decoding preferences with following relevant parameters in wireshark 4.4.6:

 -- attempt to check ESP Authentication -- off
 -- attempt to detect/decode NULL encrypted ESP payload -- off

Then I entered ESP SAs with the relevant IPs, SPIs and deciphering key, leaving the authentication algorithm at NULL, and Wireshark did not decipher the ESP payload.
I then set the authentication algorithm to HMAC-SHA1-96 (RFC 2404), without an authentication key, and Wireshark did decipher as expected.

Question: why does Wireshark care so much about the authentication algorithm in this scenario? Shouldn't it just decipher with all the information available to it, or what goes on here, as in a "potential bug"?

Kind Regards
Ariel Burbaickij
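The behaviour described above follows from the ESP packet layout in RFC 4303 rather than from the authentication check itself: after the SPI/sequence header and the IV, the ciphertext (payload plus the padding/pad-length/next-header trailer) runs up to the ICV, and the ICV's length is fixed by the integrity algorithm (0 bytes for NULL, 12 for HMAC-SHA1-96, 16 for HMAC-SHA-256-128). A dissector that is told "NULL" therefore has no way to know that the last 12 bytes are not ciphertext, so the ciphertext it extracts is no longer a multiple of the cipher block size (or, when it happens to be aligned, the decrypted trailer is garbage). The following script is an added illustration written for this thread; it is not Wireshark's code and does not reproduce its dissector. It uses a constructed ESP packet and a deliberately toy CBC block function (labelled as such, not a real cipher) so it runs offline; the lengths, the alignment check and the RFC 4303 trailer validation are the part that matters.

```python
"""Why an ESP decoder needs the integrity algorithm even when it does not
verify the ICV (RFC 4303 layout).  Added example, not Wireshark code."""
import struct

ESP_HEADER_LEN = 8   # SPI (4 bytes) + sequence number (4 bytes)
BLOCK = 16           # AES-CBC block/IV size; the toy cipher below uses the same

# ICV length implied by the integrity algorithm (RFC 2404, RFC 4868).
ICV_LEN = {
    "NULL": 0,
    "HMAC-SHA1-96": 12,
    "HMAC-SHA-256-128": 16,
}


def toy_block(block: bytes, key: bytes, decrypt: bool = False) -> bytes:
    """Invertible toy block function: XOR with key, then reverse the bytes.
    Constructed for this demo only; it is NOT a real cipher."""
    if decrypt:
        return bytes(a ^ b for a, b in zip(block[::-1], key))
    return bytes(a ^ b for a, b in zip(block, key))[::-1]


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_block(bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev)), key)
        out += prev
    return out


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(toy_block(blk, key, decrypt=True), prev))
        prev = blk
    return out


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              key: bytes, iv: bytes, auth_alg: str) -> bytes:
    """Constructed ESP packet: header | IV | enc(payload + trailer) | ICV.
    RFC 4303 trailer = padding bytes 1,2,3,... then pad length, then next header."""
    pad_len = (-(len(payload) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ct = cbc_encrypt(payload + trailer, key, iv)
    icv = b"\xAA" * ICV_LEN[auth_alg]   # placeholder ICV bytes; not an actual HMAC
    return struct.pack("!II", spi, seq) + iv + ct + icv


def decode_esp(packet: bytes, key: bytes, auth_alg: str):
    """Return (next_header, payload), or a string saying why decoding failed.
    The ICV is never verified here; its length alone decides where the
    ciphertext ends, which is exactly why the algorithm setting matters."""
    icv_len = ICV_LEN[auth_alg]
    iv = packet[ESP_HEADER_LEN:ESP_HEADER_LEN + BLOCK]
    ct = packet[ESP_HEADER_LEN + BLOCK:len(packet) - icv_len]
    if len(ct) % BLOCK != 0:
        return f"ciphertext length {len(ct)} is not a multiple of {BLOCK}: ICV boundary wrong"
    pt = cbc_decrypt(ct, key, iv)
    pad_len, next_header = pt[-2], pt[-1]
    if pad_len + 2 > len(pt):
        return "trailer pad length exceeds plaintext: ICV boundary wrong"
    if pt[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        return "trailer padding does not match the RFC 4303 pattern"
    return next_header, pt[:-2 - pad_len]


# Constructed sample values (not from any real capture).
KEY = bytes(range(16))
IV = bytes(16)
PAYLOAD = b"hello from inner host"
NEXT_HEADER = 1  # ICMP


def demo():
    """Same SA, same key: only the ICV length assumed by the decoder changes."""
    sha1_pkt = build_esp(0x1000, 1, PAYLOAD, NEXT_HEADER, KEY, IV, "HMAC-SHA1-96")
    sha256_pkt = build_esp(0x1000, 2, PAYLOAD, NEXT_HEADER, KEY, IV, "HMAC-SHA-256-128")
    return {
        "sha1_as_sha1": decode_esp(sha1_pkt, KEY, "HMAC-SHA1-96"),     # decodes
        "sha1_as_null": decode_esp(sha1_pkt, KEY, "NULL"),             # misaligned
        "sha256_as_null": decode_esp(sha256_pkt, KEY, "NULL"),         # aligned, bad trailer
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the 12-byte ICV counted as ciphertext the extracted length is 44 bytes, not a multiple of 16, so a CBC decoder has nothing valid to decrypt; with the 16-byte ICV the length happens to align, but the last decrypted block is noise and the pad-length/next-header trailer fails validation. Either way the decoder must be told the integrity algorithm to find the end of the ciphertext, even with ICV checking switched off.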