Wireshark · Wireshark-dev: Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension

[Graham Bloice <graham.bloice@xxxxxxxxxxxxx>]

On 15 April 2016 at 02:24, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:

[Resending with the list in Cc:; I'm not sure why gmail's web interface decided to drop the list when I hit reply.]

On Thu, Apr 14, 2016 at 3:48 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:

On Thu, Apr 14, 2016 at 3:07 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:

>Your best path forward would likely be to just modify the SSL dissector's C code; ideally you could then push that code to Wireshark so future versions will dissect the extension too.

Sure.  Happy to do that (once it all works!) but I was having trouble finding where that SSL dissector's C code actually was.  It looks like it may be invoking gnutls libraries?  Thanks for your help.

epan/dissectors/packet-ssl.c, also available here:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ssl.c

I think the TLS client extension stuff is in packet-ssl-utils.c, in function ssl_dissect_hnd_hello_ext().

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-ssl-utils.c

--

Graham Bloice