Wireshark-bugs: [Wireshark-bugs] [Bug 10311] New: TLS handshake needs better heuristics for GCM
Bug ID |
10311
|
Summary |
TLS handshake needs better heuristics for GCM suites; SPDY is not detected as such
|
Classification |
Unclassified
|
Product |
Wireshark
|
Version |
1.99.x (Experimental)
|
Hardware |
All
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Normal
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
peter@lekensteyn.nl
|
Created attachment 12935 [details]
SSL capture using ECDHE-RSA-AES-GCM with spdy
Build Information:
Affected versions: v1.99.0-rc1-1000-gcca0fd3 and v1.99.0-rc1-7-g6db77b0, but I
would not be surprised if v1.12 is also affected.
--
The attached capture has some problems with dissection:
1) If no keys are available (ssl keylog file disabled), the early handshake
messages gets detected as Hello Request. I guess that this has something to do
with the counter used in GCM cipher suites.
2) The application data is clearly SPDY, but it is not detected as such.
Save this for ssl.keylog_file:
CLIENT_RANDOM f3ee69f248c9b388fd171805c1087dc0455175ecacce37051e04364aae951895
78cc0ab31a2e2eabbc9c9bfb27e2e4f53eccbfb041ce3bc4cd8850345309c2002d40a35e9896fb1f5d5cb674ef46b0db
You are receiving this mail because:
- You are watching all bug changes.