Wireshark-bugs: [Wireshark-bugs] [Bug 6032] New: SSL/TLS decryption needs wireshark to be reboot
Date: Fri, 17 Jun 2011 12:04:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6032

           Summary: SSL/TLS decryption needs wireshark to be rebooted
           Product: Wireshark
           Version: 1.6.0
          Platform: x86-64
        OS/Version: Windows 7
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: simonerestelli.ephemeral@xxxxxxxxx


Build Information:
Version 1.6.0 (SVN Rev 37592 from /trunk-1.6)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 
7 2011), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022
--
When you have a SSL/TLS traffic in wireshark and wireshark does not have the
server's private key, in order to decrypt it you have to add the private key
and reboot wireshark.
In version 1.4.7, the ssl/tls traffic was decrypted as the user pressed the
"Apply" or "Ok" button in the SSL protocol preferences.

Steps to reproduce:
1. download
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
and extract the files where you prefer (from now on called $DIR directory)
2. open the $DIR\rsasnakeoil2.cap capture file with wireshark
3. Go to "Secure Socket Layer preferences"
4. Add a "SSL debug file"
5. Open "RSA keys list"
6. Add the entry:
    IP: 127.0.0.1
    port: 443
    protocol: http
    key: $DIR\rsasnakeoil2.key
7. Save settings

Actual result:
The SSL/TLS traffic is not decrypted and you need to reboot wireshark (and open
$DIR\rsasnakeoil2.cap) to decrypt the SSL/TLS traffic

Expected result:
The SSL/TLS traffic should be decrypted without rebooting wireshark

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.