Wireshark-users: Re: [Wireshark-users] Decoding SSL - what cipher suites are supported?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 19 Aug 2008 07:39:07 +0200
Hi, That one was only recently added to the development version of wireshark. {51,KEX_DH, SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},You can find an overview of what Wireshark knows in http://anonsvn.wireshark.org/wireshark/trunk-1.0/epan/dissectors/packet-ssl-utils.c
Thanx, Jaap ixxus nexxus wrote:
I am trying to decode some ssl traffic. I have set the private key in wireshark but I am still not able to decrypt and view the data. I see this error in the log:dissect_ssl3_hnd_srv_hello can't find cipher suite 0x33If this one is not supported, where can I get a list of supported suites? I am using 1.0.2 on windows.Thank you for your help. Here are the details of the log: ssl_init keys string: xxx.xxx.xxx.xxx,http,P:\temp\key.pem ssl_init found host entry xxx.xxx.xxx.xxx,443,http,P:\temp\key.pemssl_init addr 'xxx.xxx.xxx.xxx' port '443' filename 'P:\temp\key.pem' password(only for p12 file) '(null)'ssl_init private key file P:\temp\key.pem successfully loaded association_add TCP port 443 protocol http handle 02F5E458 association_find: TCP port 993 found 03D6A070 ssl_association_remove removing TCP 993 - imap handle 02E58B00 association_add TCP port 993 protocol imap handle 02E58B00 association_find: TCP port 995 found 03D6A0B0 ssl_association_remove removing TCP 995 - pop handle 03AB16F8 association_add TCP port 995 protocol pop handle 03AB16F8 dissect_ssl enter frame #6 (first time) ssl_session_init: initializing ptr 050B1E70 size 564 association_find: TCP port 3910 found 00000000 packet_from_server: is from server - FALSE dissect_ssl server xxx.xxx.xxx.xxx:443 conversation = 050B1C98, ssl_session = 050B1E70 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 138 ssl, state 0x00 association_find: TCP port 3910 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder availabledissect_ssl3_handshake iteration 1 type 1 offset 5 length 134 bytes, remaining 143dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01 dissect_ssl enter frame #8 (first time) conversation = 050B1C98, ssl_session = 050B1E70 dissect_ssl3_record found version 0x0301 -> state 0x11 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 1113 ssl, state 0x11 association_find: TCP port 443 found 03F5B3D0 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder availabledissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1118dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13 dissect_ssl3_hnd_srv_hello can't find cipher suite 0x33dissect_ssl3_handshake iteration 0 type 11 offset 79 length 603 bytes, remaining 1118 dissect_ssl3_handshake iteration 0 type 12 offset 686 length 424 bytes, remaining 1118 dissect_ssl3_handshake iteration 0 type 14 offset 1114 length 0 bytes, remaining 1118dissect_ssl enter frame #10 (first time) conversation = 050B1C98, ssl_session = 050B1E70 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 102 ssl, state 0x13 association_find: TCP port 3910 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder availabledissect_ssl3_handshake iteration 1 type 16 offset 5 length 98 bytes, remaining 107dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x13 dissect_ssl3_handshake not enough data to generate key (required 0x17) dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec association_find: TCP port 3910 found 00000000 packet_from_server: is from server - FALSE ssl_change_cipher CLIENT dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 48 ssl, state 0x13 association_find: TCP port 3910 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder availabledissect_ssl3_handshake iteration 1 type 94 offset 118 length 7042118 bytes, remaining 166------------------------------------------------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx https://wireshark.org/mailman/listinfo/wireshark-users
- Follow-Ups:
- Re: [Wireshark-users] Decoding SSL - what cipher suites are supported?
- From: ixxus nexxus
- Re: [Wireshark-users] Decoding SSL - what cipher suites are supported?
- References:
- [Wireshark-users] Decoding SSL - what cipher suites are supported?
- From: ixxus nexxus
- [Wireshark-users] Decoding SSL - what cipher suites are supported?
- Prev by Date: Re: [Wireshark-users] wireshark extract specific field
- Next by Date: Re: [Wireshark-users] wireshark extract specific field
- Previous by thread: [Wireshark-users] Decoding SSL - what cipher suites are supported?
- Next by thread: Re: [Wireshark-users] Decoding SSL - what cipher suites are supported?
- Index(es):