Wireshark mailing list archives
Re: HTTP/2 decrytion with sslkeylog
From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 19 Jan 2017 11:56:57 +0000
On 19 January 2017 at 06:38, Muhui Jiang <jiangmuhui () gmail com> wrote:
Hi all,

Thanks for your replies, I just thought that I may not get a reply anymore. Thanks Miroslav Rovis. Thanks for your encouragement, though I still didn't figure my problem out. I tried nearly one hundred times, which makes me doubt myself :(. But I will continue to work on this problem. I once asked the same question on ask.wireshark.org, but got no answer. I once saw someone who posted articles introducing HTTP/2 decryption, which is nearly the same as SSL decryption. I tried, but failed. Here I want to say again, to anyone who has decrypted HTTP/2 successfully and completely, I hope to get your help to tell me your configurations and environments. Thank you so much.

Besides, do you think I need to post this question to the dev mailing list, which may get an appropriate solution?

Regards
Muhui
The dev mailing list is for development questions so wouldn't generally be appropriate for this type of question unless it turns out to be a bug.

As all Wireshark contributors, bar Gerald, are volunteers on the project, our ability to respond to user questions, or bugs or anything else is limited by our time, our abilities and our curiosity. In this particular case it would seem that no-one else has a capture of TLS encrypted HTTP2 traffic with the associated keylog so that the decryption could be tested. Providing such a capture and keylog and the Wireshark ssl debug log along with the question is much more likely to get a response. The docs aren't very clear on the use of the ssl debug log, but it's set in the SSL dissector preferences.

Fundamentally, I don't think using HTTP2 is any different to HTTP as far as TLS decryption is concerned and as decryption of that works the probability is that there's something wrong in the originator's decryption setup. Pre-master secret decryption is part of the tests run for every build resulting from a Wireshark commit to the source repository, e.g. https://buildbot.wireshark.org/wireshark-master/builders/Windows%20Server%202012%20R2%20x64/builds/2660/steps/test.sh/logs/stdio (look for Section 6 decryption).
2017-01-19 10:00 GMT+08:00 Miroslav Rovis <miro.rovis () croatiafidelis hr>:

On 170118-18:51+0000, Graham Bloice wrote:

On 18 January 2017 at 18:43, Jim Aragon <Jim () agdatasystems com> wrote:

At 09:39 AM 1/18/2017, you wrote:

(Not much at all from me, but...) But for some reason, it seems the talk has gone elsewhere, or that lots of people are even afraid to learn what is really happening within their machines when on the internet...

You're right, the talk has gone elsewhere. Specifically, almost everyone who used to monitor the mailing list has moved to the Wireshark Question and Answer site, ask.wireshark.org. That's now a better place for asking Wireshark questions, and you are much more likely to get an answer there.

Where the appropriate question is: https://ask.wireshark.org/questions/58758/http2-decrytion-with-sslkeylog and where it hasn't received any replies yet either ;-)

I've watched not a small number of videos from Wireshark people recently, and I have to say I've become all the more of a fan of people who make the reading of the network available to all the end users of the world who are not afraid of learning.

I'm (almost) 60 and I don't memorize names and events/procedures/facts unless I re-read/re-view/re-talk on the subject of the memorization, but...

But I just very much like Gerald who invented Wireshark... And the CEO of the Riverbed (the Yankees fan and the baseball judge) is great too (God, what a fascinating pedagogical, heuristical, simple but comprising explanations!)... Terribly intriguing that he doesn't like coloring in Wireshark ;-) ! And the guy that currently works on the anonymization program, and who is a good English speaker but is German/Austrian/<some-other-Teutonic> national (originally)... And the guy I think, who in 2014(?) made Wireshark decrypt SSL! Sake Blok or so? The Dutch scuba diver...

And the other one who Evangelically (in the non-denominative Christian way) gave everything to the poor, and now came back and works, and still doesn't even have the car or a house of his own... but is so happy! And the Japanese girl... And the others...

I've currently little time, I sure always dump local traces (local till I find the money to do it properly, even running another machine for tracing is too costly at this time...)... Always, but only, that... And I have too little time right now to re-read/re-view as I said above that I need...

And I'm glad that the company is doing great!

Regards to everybody!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
-- Graham Bloice
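
A check on the keylog side of the decryption setup discussed above, as an added example that is not part of the original thread or of Wireshark's code: it parses an NSS-format key log, flags malformed lines, and confirms there is an entry for the ClientHello random seen in the capture. The names `check_keylog`, `SAMPLE_KEYLOG` and `SAMPLE_RANDOM` and all sample values are constructed for illustration; the random passed in is assumed to be the 32-byte Random field of the ClientHello, as hex.

```python
import re

# NSS key log line types used for TLS 1.2 and earlier (the only ones checked here):
#   CLIENT_RANDOM <64 hex: ClientHello random> <96 hex: master secret>
#   RSA <16 hex: start of encrypted pre-master secret> <96 hex: pre-master secret>
LINE_SHAPES = {
    "CLIENT_RANDOM": re.compile(r"[0-9a-fA-F]{64} [0-9a-fA-F]{96}"),
    "RSA": re.compile(r"[0-9a-fA-F]{16} [0-9a-fA-F]{96}"),
}

def check_keylog(text, client_random_hex=None):
    """Return (keys, problems) for key log text.

    keys maps each label to the set of lowercase session identifiers found;
    problems lists line-level faults without echoing any secret material.
    """
    keys = {label: set() for label in LINE_SHAPES}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are legal
        label, _, rest = line.partition(" ")
        shape = LINE_SHAPES.get(label)
        if shape is None:
            problems.append(f"line {lineno}: label not checked by this script")
        elif not shape.fullmatch(rest):
            problems.append(f"line {lineno}: malformed {label} entry")
        else:
            keys[label].add(rest.split(" ")[0].lower())
    # A well-formed file still cannot decrypt a session it has no entry for.
    if client_random_hex and client_random_hex.lower() not in keys["CLIENT_RANDOM"]:
        problems.append("no CLIENT_RANDOM entry for the captured ClientHello random")
    return keys, problems

# Constructed sample: fake values, not taken from any real session.
SAMPLE_RANDOM = "ab" * 32
SAMPLE_KEYLOG = "\n".join([
    "# constructed key log sample",
    f"CLIENT_RANDOM {SAMPLE_RANDOM} {'cd' * 48}",
    f"CLIENT_RANDOM {'12' * 32} {'ef' * 40}",  # secret cut short: 80 hex, not 96
    f"RSA {'01' * 8} {'9a' * 48}",
])

if __name__ == "__main__":
    for problem in check_keylog(SAMPLE_KEYLOG, SAMPLE_RANDOM)[1]:
        print(problem)
```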