Wireshark mailing list archives

Re: Ciphersuites supported by TLS/SSL decoding


From: masonke <masonke () gmail com>
Date: Tue, 16 Jun 2015 11:55:08 -0400

Diffie Hellman key exchange does not pass the prime numbers across the wire. That prevents Wireshark, or any other 
party, from decoding the conversation.

It isn’t a support issue as much as DH key exchanges are built to prevent eavesdropping. The tradeoff is a higher 
resource on the end points.
~KEM

On Jun 16, 2015, at 06:26, Gotthard, Petr <Petr.Gotthard () Honeywell com> wrote:

Hello,
 
the Wireshark users (including myself) often struggle with the TLS/SSL decoding capability in Wireshark: after doing 
proper configuration they are still unable to see the decoded data. This is often because Wireshark can decode only 
some ciphersuites.
 
I didn’t find any “deterministic” documentation on this aspect. It may be nice to provide some guidance on what 
ciphersuites are (and what are not) supported so that the TLS/SSL decoding can be enabled in a straightforward way. 
This can be done by disabling the unsupported ciphersuites (or enabling only the supported ciphersuites) in the 
client/server, so that only the ciphersuites supported by Wireshark are negotiated.
 
My understanding is that Wireshark does not support the "Ephemeral" ciphersuites, i.e. any Diffie-Hellman Ephemeral 
(DHE/EDH) or RSA Ephemeral cipher suite must not be negotiated. I'm not sure there are any "RSA Ephemeral" suites as 
another article said that this is not practically used. However, there are many TLS_DHE_xxx and TLS_ECDHE_xxx 
ciphersuites.
 
Do you concur with these statements? Will disabling of the TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites guarantee that 
only the ciphersuites supported by Wireshark are negotiated?
 
 
Kindest Regards,
Petr
 
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
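
Added example (not part of the original thread and not Wireshark code): to check which ciphersuite a server actually negotiated, read the two-byte cipher suite field from the ServerHello and classify it as an RSA key exchange suite or one of the ephemeral TLS_DHE_xxx / TLS_ECDHE_xxx suites discussed above. The function names, the short suite table and the sample record are constructed for illustration, and the parser assumes the ServerHello fits in one TLS record.

```python
# Small subset of IANA TLS cipher suite IDs (not exhaustive).
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    # Record header: type(1)=22 handshake, version(2), length(2).
    # Handshake header: type(1)=2 ServerHello, length(3).
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a ServerHello handshake record")
    hlen = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hlen]
    # Body: version(2) + random(32) + session_id_len(1) + session_id + suite(2)
    if len(hello) != hlen or hlen < 35 or hlen < 37 + hello[34]:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    return int.from_bytes(hello[off:off + 2], "big")

def key_exchange(suite_id: int) -> str:
    """Classify by suite name: 'rsa', 'ephemeral' (DHE/ECDHE) or 'unknown'."""
    name = SUITES.get(suite_id, "")
    if name.startswith(("TLS_DHE_", "TLS_ECDHE_")):
        return "ephemeral"
    if name.startswith("TLS_RSA_WITH_"):
        return "rsa"
    return "unknown"

def sample_server_hello(suite_id: int, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (zeroed random, no extensions)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite_id.to_bytes(2, "big") + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for sid in (0x002F, 0xC02F):
        got = negotiated_suite(sample_server_hello(sid, b"\xaa" * 32))
        print(f"0x{got:04X} {SUITES.get(got)} -> {key_exchange(got)}")
```

A result of 'ephemeral' for the negotiated suite means the server's RSA private key alone will not let Wireshark decode that session.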
