Wireshark-bugs: [Wireshark-bugs] [Bug 10311] New: TLS handshake needs better heuristics for GCM
Date: Fri, 25 Jul 2014 10:02:27 +0000
Bug ID 10311
Summary TLS handshake needs better heuristics for GCM suites; SPDY is not detected as such
Classification Unclassified
Product Wireshark
Version 1.99.x (Experimental)
Hardware All
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter peter@lekensteyn.nl

Created attachment 12935 [details]
SSL capture using ECDHE-RSA-AES-GCM with spdy

Build Information:
Affected versions: v1.99.0-rc1-1000-gcca0fd3 and v1.99.0-rc1-7-g6db77b0, but I
would not be surprised if v1.12 is also affected.
--
The attached capture has some problems with dissection:

1) If no keys are available (ssl keylog file disabled), the early handshake
messages gets detected as Hello Request. I guess that this has something to do
with the counter used in GCM cipher suites.

2) The application data is clearly SPDY, but it is not detected as such.

Save this for ssl.keylog_file:

CLIENT_RANDOM f3ee69f248c9b388fd171805c1087dc0455175ecacce37051e04364aae951895
78cc0ab31a2e2eabbc9c9bfb27e2e4f53eccbfb041ce3bc4cd8850345309c2002d40a35e9896fb1f5d5cb674ef46b0db


You are receiving this mail because:
  • You are watching all bug changes.