Wireshark mailing list archives
Re: SSL/DTLS: allow setting of app data dissector when using keylog file
From: Peter Wu <peter () lekensteyn nl>
Date: Tue, 24 Feb 2015 00:25:21 +0100
On Mon, Feb 23, 2015 at 10:49:55PM +0100, Peter Wu wrote:
On Mon, Feb 23, 2015 at 03:32:48PM +0100, Gianrico wrote: I propose to make one or more of these changes: - Call the heuristics dissector only for the first data frame.
I forgot to mention the 1/n-1 splitting which is nowadays commonly done for SSL dissectors to mitigate BEAST. New-style dissectors could return "-1" ("I want more data") if they need more than the first byte.
- Decouple the list of valid protocols from transport_proto/addr/server_port->appdata_proto/keyfile associations. This allows for multiple valid protocols while linking one unique key per transport_proto/address/server_port tuple. (Jeff, comments?) - Allow a wildcard protocol name in the UAT dialog just to set the key, not the protocol ("any", "*" or the empty string?). - Select an appdata protocol in this order: STARTTLS hint, heuristics, associations, (first available) dissector hint. Why the suggested protocol selection order? - STARTTLS hint is quite strong. - Good heuristics can do "the right thing" automatically. - Associations are entered by the user. - For protocols such as SMTP, there is one clear choice which is great. For port 443, the best guess is HTTP (which should have been caught by the heuristics dissector) but others are possible.
-- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- SSL/DTSL: allow setting of app data dissector when using keylog file Gianrico (Feb 23)
- Re: SSL/DTLS: allow setting of app data dissector when using keylog file Peter Wu (Feb 23)
- Re: SSL/DTLS: allow setting of app data dissector when using keylog file Peter Wu (Feb 23)
- Re: SSL/DTLS: allow setting of app data dissector when using keylog file Peter Wu (Feb 23)