Wireshark · Wireshark-dev: Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Catch 22 in SSL dissect

Wireshark-dev: Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Cat

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sat, 14 Apr 2007 20:20:05 +0200

On Sat, Apr 14, 2007 at 10:58:18AM -0700, Stephen Fisher wrote:
> On Sat, Apr 14, 2007 at 02:35:31PM +0200, Sake Blok wrote:
> 
> > Although I'm still interested in a theoretical answer to the problem 
> > of keeping state info on a per packet basis (see below), here is a 
> > workaround for the bug.
> 
> Would this be better fixed using per-packet state information?

Uhmm... well, with this workaround there is still a (very slim)
chance that the first 4 octets of an encrypted handshake message 
look like an unencrypted handshake message.

I guess the simpleness of this workaround has it's advantages over
trying to solve it through per-packet state recording. My suggestion
will be to use this patch for now and I will look into solving it
with state information.

I guess it's a trade-off between being practical and being exact :)

Cheers,

Sake

Follow-Ups:
- Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshakemessages (Was: Catch 22 in SSL dissector?)
  - From: Kukosa, Tomas

References:
- [Wireshark-dev] Catch 22 in SSL dissector?
  - From: Sake Blok
- [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Catch 22 in SSL dissector?)
  - From: Sake Blok
- Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Catch 22 in SSL dissector?)
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-dev] Catch 22 in SSL dissector?
Next by Date: Re: [Wireshark-dev] Catch 22 in SSL dissector?
Previous by thread: Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshake messages (Was: Catch 22 in SSL dissector?)
Next by thread: Re: [Wireshark-dev] [PATCH] Fix false malformed SSL handshakemessages (Was: Catch 22 in SSL dissector?)
Index(es):
- Date
- Thread