Ciphersuites supported by TLS/SSL decoding

["Gotthard, Petr" <Petr.Gotthard () Honeywell com>]

Hello,



the Wireshark users (including myself) often struggle with the TLS/SSL decoding capability in Wireshark-- after doing 
proper configuration they are still unable to see the decoded data. This is often because Wireshark can decode only 
some ciphersuites.



I didn't find any "deterministic" documentation on this aspect. It may be nice to provide some guidance on what 
ciphersuites are (and what are not) supported so that the TLS/SSL decoding can be enabled in a straightforward way. 
This can be done by disabling the unsupported ciphersuites (or enabling only the supported ciphersuites) in the 
client/server, so that only the ciphersuites supported by Wireshark are negotiated.



My understanding is that wireshark does not support the "Ephemeral" ciphersuites, i.e. any Diffie-Hellman Ephemeral 
(DHE/EDH) or RSA Ephemeral cipher suite must not be negotiated. I'm not sure there are any "RSA Emphemeral" suites as 
another article said that this is not practically used. However, there are many TLS_DHE_xxx and TLS_ECDHE_xxx 
ciphersuites.



Do you concur with these statements? Will disabling of the TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites guaratntee that 
only the ciphersuites supported by Wireshark are negotiated?





Kindest Regards,

Petr

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe