Wireshark · Wireshark-users: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)

Wireshark-users: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)

From: "Ralf G. R. Bergs" <Ralf+WireShark@xxxxxxxxx>

Date: Tue, 28 Apr 2015 18:26:01 +0200

Hi Sake.

On 2015-04-28 13:04 , Sake Blok wrote:
> You can make sure decryption works in three ways:
>
> - Limit the cipher suites on the client, so that it only advertises
> non-DH ciphersuites
No chance for that. The client (SUPL agent) is preembedded on millions
of terminals already in the market.
> - Limit the cipher suites on the server, so that it only chooses
> non-DH ciphersuites (from the ciphersuites advertised by the client)
Technically I could do that I suppose, but I'm not sure about the
implications.
> - Make the client or the server log the PreMaster data and point
> Wireshark to the key log file in the "(Pre-)MasterSecret logfile" SSL
> protocol preference.
As mentioned earlier the only place where I could practically do it is
on the SUPL server. I guess I need to find out from the vendor whether
it's possible.
> Hope this helps,
Yes, it helped very much. Sometimes you don't see the obvious. Thanks a
bunch!

Kind regards,

Ralf

References:
- [Wireshark-users] Strange SSL decode issue (SUPL, ULP)
  - From: Ralf G. R. Bergs
- Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)
  - From: Ralf G. R. Bergs
- Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)
  - From: Sake Blok

Prev by Date: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)
Previous by thread: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)
Next by thread: [Wireshark-users] Multiple instances of Wireshark/ dumpcap capturing from same NICs
Index(es):
- Date
- Thread