Wireshark-users: Re: [Wireshark-users] can't load private key from /root/foo.pem
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Thiago Moreira (timba)" <tmoreira2020@xxxxxxxxx>
Date: Wed, 20 Jan 2010 14:36:16 -0200

  Hey Sake,

  I'm using Chrome-4.0.249.43, Firefox-3.5.7 and Android emulator API level 1.6 all running on Ubuntu-9.10 and I didn't find a way to change/restrict the list of ciphers... Is it possible on these clients?

  Thanks again!

  Thiago Moreira

On Wed, Jan 20, 2010 at 2:06 PM, Sake Blok <sake@xxxxxxxxxx> wrote:
On Tue, Jan 19, 2010 at 02:33:23PM -0200, Thiago Moreira (timba) wrote:
>      I don't see anything else, I'm a beginner in SSL matters... Attached I
>    sent my SSL debug file... I appreciate if some one would be able to check
>    if there is something wrong on it.

The problem is that you are using a DH cipher:

dissect_ssl3_hnd_srv_hello found CIPHER 0x0033 -> state 0x17

(cipher 0x33 = TLS_DHE_RSA_WITH_AES_128_CBC_SHA)

It is not possible to decrypt SSL sessions that use a DH cipher based
on network traffic and private key. You could restrict the cipher-list on
the client to make sure a cipher is chosen that makes it possible to decrypt.

Cheers,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe