Wireshark-bugs: [Wireshark-bugs] [Bug 5963] Add decryption for resumed TLS sessions with a sessi
Date: Sat, 28 May 2011 00:53:47 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963

Sake <sake@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|TLS Session Resumption      |Add decryption for resumed
                   |break ssl decryption        |TLS sessions with a session
                   |                            |ticket
           Severity|Major                       |Enhancement

--- Comment #4 from Sake <sake@xxxxxxxxxx> 2011-05-28 00:53:38 PDT ---
The handling of TLS session tickets is not yet implemented in the TLS
decryption code. Even when it is implemented, you still need the full TLS
handshake in the tracefile to be able to decrypt a resumed session later on.

The session ticket format is not fixed and above all, the session ticket itself
is encrypted, so the session ticket alone is not enough to decrypt a session.
It can however be used as a reference to the full handshake earlier in the
tracefile and so the keyring information from the previous session can be
reused (just like it works today with resumed SSL sessions based on SSL Session
ID).

The keylog file can not be used in this case as it is indexed by the first 8
bytes of the encrypted PreMaster-Secret and there is no "KeyExchange" handshake
message (which contains the encrypted PreMaster-Secret) present in the resumed
session.

I changed the severity to "Enhancement" as this is new functionality that needs
to be implemented.

BTW  Your tracefile does not contain the original full TLS handshake, so even
if this functionality was written, it would not help you in this case.  Could
you post another tracefile with session resumption based on TLS tickets, but
now also including the original full TLS handshake. When the code gets written,
we can use that to test the code.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.