Wireshark mailing list archives
Re: Embed SSL keylog file in pcap-ng
From: Ben Higgins <ben () extrahop com>
Date: Fri, 18 May 2018 11:44:12 -0700
Hey folks,

Here's what I'm thinking at this point: a new block type for SSL/TLS keylogs and another block type for DTLS keylogs. The contents of each will be the format as described here:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Any number of these blocks can be included. For each block encountered, ssl_load_keyfile will be called, with the correct per-protocol master key map included. Some code refactoring to ssl_load_keyfile will likely be required since we're dealing with an array of bytes instead of a FILE.

One thing I'm unclear on is how to trigger a reparse of previously processed packets when a keylog block is encountered at e.g. the end of the file. Is that possible?

Thanks,
Ben

On Sat, May 5, 2018 at 2:19 AM, Guy Harris <guy () alum mit edu> wrote:
> On May 5, 2018, at 2:07 AM, Ahmad Fatoum <ahmad () a3f at> wrote:
>
>> On 5 May 2018, at 10:47, Guy Harris <guy () alum mit edu> wrote:
>>
>>> That doesn't require "some authority that allocates protocol identifiers", because it doesn't require protocol identifiers; all that needs to be done is to allocate pcapng block types to those protocols that require some additional information to decrypt its traffic.
>>
>> I like the idea of a "universal" key pcapng block more than requiring each interested protocol to request its own block.
>
> Each protocol's key format has to be documented, to allow arbitrary programs to use the block, so they'll have to request it *anyway*, supplying the key format as part of the request.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
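The "array of bytes instead of a FILE" refactoring mentioned in the message above, sketched as an added example (not Wireshark's code and not part of the original post): a length-delimited parser for NSS key log text that is called once per embedded block and accumulates keys across blocks. The names `keylog_table` and `keylog_load_bytes`, the fixed-size table and the sample key material are assumptions, and only `CLIENT_RANDOM` lines are handled.

```c
#include <string.h>
#define MAX_KEYS 16
struct keylog_entry { unsigned char client_random[32], master_secret[48]; };
struct keylog_table { struct keylog_entry e[MAX_KEYS]; size_t n; };

/* Decode exactly 2*n hex characters at p into out; returns 0 on a non-hex byte. */
static int unhex(const unsigned char *p, unsigned char *out, size_t n) {
    for (size_t i = 0; i < 2 * n; i++) {
        int c = p[i], v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if ((c | 0x20) >= 'a' && (c | 0x20) <= 'f') v = (c | 0x20) - 'a' + 10;
        else return 0;
        out[i / 2] = (unsigned char)((i & 1) ? (out[i / 2] | v) : (v << 4));
    }
    return 1;
}

/* Hypothetical helper: parse one block body (length-delimited, not NUL-terminated).
 * Returns the entries added; comments, other labels and malformed lines are skipped. */
size_t keylog_load_bytes(struct keylog_table *t, const unsigned char *buf, size_t len) {
    static const char label[] = "CLIENT_RANDOM ";
    const size_t llen = sizeof label - 1, need = llen + 64 + 1 + 96;
    size_t added = 0, pos = 0;
    while (pos < len && t->n < MAX_KEYS) {
        const unsigned char *line = buf + pos;
        const unsigned char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;
        pos += n + 1;                           /* step past the newline */
        if (n > 0 && line[n - 1] == '\r') n--;  /* tolerate CRLF */
        if (n != need || memcmp(line, label, llen) != 0 || line[llen + 64] != ' ') continue;
        struct keylog_entry *e = &t->e[t->n];
        if (unhex(line + llen, e->client_random, 32) &&
            unhex(line + llen + 65, e->master_secret, 48)) { t->n++; added++; }
    }
    return added;
}

/* Constructed sample bodies for two blocks; all key material is made up. */
#define H32 "0123456789abcdefABCDEF0123456789"
#define G32 "ffeeddccbbaa99887766554433221100"
static const unsigned char BLOCK_A[] = "# constructed sample\r\n"
    "CLIENT_RANDOM " H32 H32 " " H32 H32 H32 "\r\n";
static const unsigned char BLOCK_B[] = "CLIENT_RANDOM deadbeef 00\n" /* wrong length */
    "CLIENT_RANDOM " G32 G32 " " G32 H32 G32;               /* no trailing newline */

int main(void) {
    struct keylog_table t = { .n = 0 };
    size_t a = keylog_load_bytes(&t, BLOCK_A, sizeof BLOCK_A - 1);
    return (a == 1 && keylog_load_bytes(&t, BLOCK_B, sizeof BLOCK_B - 1) == 1) ? 0 : 1;
}
```

Because the parser never relies on a terminating NUL or on stdio line reads, a block body can be handed over exactly as it sits in the capture file, including a final line with no newline.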