Ethereal-dev: [Ethereal-dev] Re: ssl decryption patch

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Thu, 14 Apr 2005 05:07:45 -0400
So, what we need is either:
1. someone writes the required functions by hand to implement what we
need based on what is available in nettle, or just reimplements it by
hand completely;
2. someone gets some people to develop GPLssl.


Neither of the two options should really be that much work.
(says someone who wrote a full H.323 PER dissector by hand and thus is no
longer afraid of anything when it comes to software design)



On 4/13/05, Devin Heitmueller <dheitmueller@xxxxxxxxxxx> wrote:
> Hello Paolo,
> 
> This is certainly something a lot of people have been hoping to do (myself
> included).  There are a couple of serious problems though regarding the
> licensing.
> 
> Your code is derived from Eric Rescorla's ssldump code.  His code very
> explicitly has an advertising clause in the license, making it incompatible
> with the GPL.  This means the Ethereal project cannot distribute the code.
> You might be able to contact him and see if you can get permission to
> relicense the code under the GPL (I remember at one point somebody on the
> mailing list said he asked him and said it was ok but you would need to
> approach him yourself).
> 
> The bigger issue though is that Rescorla's code relies heavily on OpenSSL,
> which also includes an advertising clause making it incompatible with the
> GPL.  The OpenSSL group will not relicense their code to make it GPL
> compatible, so this is a major showstopper.
> 
> I went through the same exercise a few years ago when I started an ssldump
> port to Ethereal, and the amount of work associated with replacing the
> OpenSSL functionality caused me to give up.  I looked at a number of
> alternative crypto libraries and at the time couldn't find any that were
> either mature enough or well enough documented to use.
> 
> Nonetheless, I believe this is still definitely good work, and I look
> forward to patching my Ethereal source to support this.
> 
> Thanks,
> 
> Devin
> 
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of Paolo Abeni
> Sent: Wed 4/13/2005 6:04 AM
> To: ethereal-dev@xxxxxxxxxxxx
> Cc: 
> Subject: [Ethereal-dev] ssl decryption patch
> 
> Hi,
> 
> I have assembled a patch for the ssl dissector that enables ssl
> decryption when it is possible [*]. It supports session key renegotiation
> and an ssl session cache. Decrypted application data is re-inserted into
> the ethereal dissection process.
> 
> The patch is derived from ssldump code and requires the ssl library and
> headers.
> 
> The patch also requires a couple of new files (attached) to be put into
> the epan/dissectors/ directory.
> 
> I have tested the patch only on a gnu/linux (Mandrake 11) system.
> 
> There is an issue about decryption. Basically I need to perform some
> operations only when processing the packets sequentially [**], but I
> don't know any reliable method to get this information at dissection
> time.
> The not-so-clean hack is to use the proto_tree pointer as a
> 'processing selected/out of order packet' flag. It's ugly and does not
> always work, so I'm open to any suggestion...
> 
> Best regards,
> 
> Paolo Abeni
> 
> [*] Only sessions with RSA key exchange can be decrypted, providing the
> host private key via the preferences. For more information see the
> ssldump documentation
> 
> [**] that is, when processing packets provided by a capture file or a
> live capture, and not when dissecting a random packet selected by user
> via the GUI
> 
> 
> 
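The RSA-only restriction in Paolo's footnote [*] follows from how the session keys are derived, shown here as an added Python example (not code from this thread, from ssldump or from Ethereal): with RSA key exchange the ClientKeyExchange carries the pre-master secret encrypted to the server's public key, so whoever holds the private key recovers it and runs the TLS 1.0 PRF to reproduce the master secret and key block, whereas a Diffie-Hellman exchange leaves nothing for the key holder to recover. The pre-master secret and hello randoms below are constructed sample values, not taken from a capture.

```python
import hashlib
import hmac

def hmac_digest(key: bytes, msg: bytes, algo: str) -> bytes:
    return hmac.new(key, msg, getattr(hashlib, algo)).digest()

def p_hash(secret: bytes, seed: bytes, algo: str, length: int) -> bytes:
    """P_hash from RFC 2246 section 5: HMAC(secret, A(i) + seed), A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac_digest(secret, a, algo)
        out += hmac_digest(secret, a + seed, algo)
    return out[:length]

def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second.
    An odd-length secret is split so that the two halves overlap by one byte."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash(secret[:half], label + seed, "md5", length)
    sha1_part = p_hash(secret[-half:], label + seed, "sha1", length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    # Key expansion seeds with the randoms in the opposite order (RFC 2246 section 6.3).
    return tls10_prf(master, b"key expansion", server_random + client_random, length)

def split_key_block(block: bytes, mac_len: int, key_len: int, iv_len: int) -> dict:
    """Slice the key block into the six per-direction secrets, in RFC 2246 order."""
    names = ["client_write_MAC_secret", "server_write_MAC_secret", "client_write_key",
             "server_write_key", "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name], pos = block[pos:pos + size], pos + size
    return keys

# Constructed sample values (not from a real capture): the 48-byte pre-master secret as the
# decryptor recovers it from the RSA-encrypted ClientKeyExchange (TLS 1.0 version bytes
# 0x03 0x01 followed by 46 client-chosen bytes), plus the two 32-byte hello randoms.
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM = bytes(range(0x10, 0x30))
SERVER_RANDOM = bytes(range(0x50, 0x70))
EXAMPLE_MASTER = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
# 104 bytes covers TLS_RSA_WITH_AES_128_CBC_SHA: 20-byte MAC secrets, 16-byte keys, 16-byte IVs.
EXAMPLE_KEYS = split_key_block(key_block(EXAMPLE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, 104), 20, 16, 16)
```

Once the six secrets are known, the record layer of each direction can be decrypted and MAC-checked independently, which is also why a renegotiation (new randoms, new pre-master secret) forces the whole derivation to be repeated for the new session.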