Re: Decrypting SSL in dissector

[Rob Napier <robnapier () gmail com>]

So make a separate RSA key table within the amp protocol preferences? And
then pass that along to SSL when the protocol goes encrypted?

I assume the same issue impacts LDAP/TLS and XMPP?

-Rob


On Fri, Jan 10, 2014 at 11:51 AM, Jeff Morriss <jeff.morriss.ws () gmail com>wrote:

> I think for that you can't enter the encryption keys in the UAT but rather
> your amp dissector would need to register for the SSL after the negotiation.
>
>
> On 01/09/14 11:55, Rob Napier wrote:
>
> > That was exactly it. Thank you!
> >
> > I'm now seeing a much less critical issue:
> >
> > The amp protocol starts off unencrypted, and then switches to SSL after
> > some negotiation. When I first start wireshark (without providing a
> > decryption key), I see the two AMP negotiation packets, and then SSLv3
> > packets. When I add the decryption key, the initial two handshake
> > packets get re-decoded as "SSL Continuation Data" and I lose the
> > unencrypted handshake information. The encrypted traffic then dissects
> > correctly.
> >
> > Is this expected? Is it possible to view both the encrypted and
> > unencrypted portions of the protocol on the same port?
> >
> > -Rob
> >
> >
> > On Thu, Jan 9, 2014 at 11:38 AM, Dirk Jagdmann <doj () cubic org
> > <mailto:doj () cubic org>> wrote:
> >
> >     do you have a new_register_dissector("amp", ...) in the
> >     proto_register_amp()
> >     function? Otherwise the SSL dissector can not match the "amp" string
> >     to a
> >     dissector handle/function.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe