Wireshark mailing list archives
Re: question about bug 3303
From: Sake Blok <sake () euronet nl>
Date: Tue, 7 Sep 2010 21:19:08 +0200
On 7 sep 2010, at 14:45, kolos_ws () ural2 hu wrote:
>>> Just out of interest, will Wireshark support the decryption of sessions that used DH to negotiate keys?
>>
>> Since DH uses keys that are generated on the fly, Wireshark would need some keying material from either the client or the server for those sessions to make it possible. There is some work in Chrome/Firefox to be able to log that session information and an enhancement request for Wireshark to import it. However, you would need to have a custom compiled version of Chrome/Firefox to be able to decrypt DH based SSL sessions. In short, yes, there will be more possibilities in the future, but not a general solution to be able to decrypt any SSL session that uses DH.
>
> Hm. If this is the case, if I were a businessman, sooner or later I'd completely disable all non-DH based SSL cipher suites in my product and sell it by saying that it's so secure (as this is the reason for using SSL in the first place) that even packet captures can't be decrypted from it.
Which is already the case. Keeping the server's private key a secret is what makes SSL secure. Even when DH ciphers are used (having the private key makes MITM attacks possible without the client noticing). Also many businesses do want to look into their own SSL traffic for Intrusion Detection, End-User performance management etc.
> In other words, based on what you've just explained do you think that SSL decryption will be long supported functionality of Wireshark or will it diminish in the future?
The current SSL decryption functionality will not decrease, but it might become less useful when more DH ciphers are used. The need for troubleshooting stays, so people will come up with new functionality to decrypt SSL traffic...
> I'm just thinking theoretically here.
Me too :-)

Cheers,
Sake
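Added example (not part of the original thread and not Wireshark code): a toy model of the point made above, that a capture of an RSA key exchange can be decrypted with the server's private key, while a DH exchange needs per-session keying material logged by an endpoint. All parameters, function names and the `session_log` structure are constructed for illustration and are far too small for real use.

```python
import secrets

# Toy parameters (constructed; Mersenne primes chosen only for convenience).
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                          # toy DH group


def rsa_key_exchange():
    """Client picks the premaster secret and encrypts it to the server's RSA key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    captured = {"encrypted_premaster": pow(premaster, RSA_E, RSA_N)}
    return premaster, captured


def dhe_key_exchange():
    """Both sides pick fresh exponents; only the public values cross the wire."""
    client_x = secrets.randbelow(DH_P - 3) + 2
    server_y = secrets.randbelow(DH_P - 3) + 2
    captured = {"client_pub": pow(DH_G, client_x, DH_P),
                "server_pub": pow(DH_G, server_y, DH_P)}
    shared = pow(captured["server_pub"], client_x, DH_P)
    # What an endpoint would have to export for later decryption (hypothetical format).
    session_log = {"client_exponent": client_x}
    return shared, captured, session_log


def decrypt_rsa_capture(captured, server_private_d):
    """The long-term private key alone recovers the premaster secret from the capture."""
    return pow(captured["encrypted_premaster"], server_private_d, RSA_N)


def decrypt_dhe_capture(captured, server_private_d=None, session_log=None):
    """The RSA key only authenticates the DH values; it is not an input to the secret.

    Without an exponent logged by an endpoint, the capture holds only g^x and g^y,
    and recovering the secret means solving a discrete logarithm.
    """
    if session_log is None:
        return None
    return pow(captured["server_pub"], session_log["client_exponent"], DH_P)


if __name__ == "__main__":
    pm, cap = rsa_key_exchange()
    print("RSA capture + private key :", decrypt_rsa_capture(cap, RSA_D) == pm)
    shared, cap, log = dhe_key_exchange()
    print("DHE capture + private key :", decrypt_dhe_capture(cap, RSA_D))
    print("DHE capture + session log :", decrypt_dhe_capture(cap, session_log=log) == shared)
```
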