Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream ciphers.
(The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handled it as if a one-byte IV existed.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
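Added example (not Wireshark source code): a record-fragment splitter that models the layout the commit above fixes. From TLS 1.1 on, a block-cipher record starts with an explicit IV of one cipher block; a stream-cipher record has no IV field, so consuming one byte as IV (the pre-fix behaviour, kept here as `split_fragment_buggy` for comparison) shifts the ciphertext and MAC by one byte. The cipher-suite table, record layout and sample payload are constructed for the example; the suite identifiers are the RFC 5246 / RFC 5289 assignments.

```python
"""Split a TLS record fragment into explicit IV and ciphertext (added example)."""
import struct
from typing import Callable, NamedTuple, Tuple

# Constructed table: cipher suite id -> (cipher kind, block size in bytes).
CIPHER_SUITES = {
    0x0005: ("stream", 0),   # TLS_RSA_WITH_RC4_128_SHA
    0x000A: ("block", 8),    # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x002F: ("block", 16),   # TLS_RSA_WITH_AES_128_CBC_SHA
    0x003C: ("block", 16),   # TLS_RSA_WITH_AES_128_CBC_SHA256 (RFC 5246)
    0xC027: ("block", 16),   # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (RFC 5289)
}


class Record(NamedTuple):
    content_type: int
    version: Tuple[int, int]
    explicit_iv: bytes
    ciphertext: bytes      # still carries the MAC (and CBC padding); decrypted later


def split_fragment(fragment: bytes, version: Tuple[int, int], suite: int) -> Tuple[bytes, bytes]:
    """Fixed behaviour: an explicit IV exists only for block ciphers in TLS 1.1 (3,2) and later."""
    kind, block = CIPHER_SUITES[suite]
    if kind == "block" and version >= (3, 2):
        if len(fragment) < block:
            raise ValueError("fragment shorter than one cipher block")
        return fragment[:block], fragment[block:]
    return b"", fragment          # TLS 1.0 CBC chaining, or a stream cipher: no IV field


def split_fragment_buggy(fragment: bytes, version: Tuple[int, int], suite: int) -> Tuple[bytes, bytes]:
    """Pre-fix behaviour: a stream-cipher record is treated as if it had a one-byte IV."""
    kind, block = CIPHER_SUITES[suite]
    if version >= (3, 2):
        iv_len = block if kind == "block" else 1   # wrong for stream ciphers
        return fragment[:iv_len], fragment[iv_len:]
    return b"", fragment


def build_record(content_type: int, version: Tuple[int, int], fragment: bytes) -> bytes:
    """Encode a 5-byte record header (type, major, minor, length) followed by the fragment."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(fragment)) + fragment


def parse_record(data: bytes, suite: int, splitter: Callable = split_fragment) -> Record:
    """Parse one record header and split its fragment with the chosen splitter."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated record body")
    iv, ciphertext = splitter(fragment, (major, minor), suite)
    return Record(content_type, (major, minor), iv, ciphertext)


# Constructed sample: a TLS 1.2 application_data (23) record with 32 opaque payload bytes.
SAMPLE_PAYLOAD = bytes(range(32))
SAMPLE_TLS12 = build_record(23, (3, 3), SAMPLE_PAYLOAD)

if __name__ == "__main__":
    for suite in (0x0005, 0x002F):
        print(hex(suite), parse_record(SAMPLE_TLS12, suite).explicit_iv.hex() or "(no IV)")
```

Running it against the sample shows the RC4 record yielding no IV while the AES-CBC record yields a 16-byte IV; the TLS 1.0 case (version 3,1) yields no IV even for AES-CBC, because TLS 1.0 chains the previous record's last block instead.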
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt a TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
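Added example (not Wireshark's or NSS's code) of what the dissector has to do on each ClientKeyExchange: scan the key log, find the pre-master secret for that session, and derive the master secret with the TLS 1.2 PRF (RFC 5246 section 5, HMAC-SHA256; SHA-384 suites pass a different digest). Assumptions: the log uses the NSS line formats `RSA <hex of first 8 bytes of encrypted pre-master> <hex pre-master>` and the later `CLIENT_RANDOM <hex client random> <hex master secret>`; the key log and randoms below are constructed, not captured.

```python
"""Key-log lookup and TLS 1.2 master-secret derivation (added example)."""
import hashlib
import hmac
from typing import Callable, Dict, Optional, Tuple

# Constructed sample values (not from a real session).
PREMASTER = bytes.fromhex("0303" + "ab" * 46)          # 48 bytes: version prefix + 46 random
ENC_PREFIX = bytes.fromhex("0011223344556677")         # first 8 bytes of the RSA-encrypted pre-master
CLIENT_RANDOM = bytes.fromhex("cd" * 32)
MASTER_FROM_LOG = bytes.fromhex("ef" * 48)
SAMPLE_KEYLOG = (
    "# SSL/TLS secrets log file (constructed sample)\n"
    f"RSA {ENC_PREFIX.hex()} {PREMASTER.hex()}\n"
    f"CLIENT_RANDOM {CLIENT_RANDOM.hex()} {MASTER_FROM_LOG.hex()}\n"
    "garbage line that must be skipped\n"
)


def parse_keylog(text: str) -> Tuple[Dict[bytes, bytes], Dict[bytes, bytes]]:
    """Linear scan of the whole log (as the commit describes); malformed lines are ignored."""
    rsa: Dict[bytes, bytes] = {}
    client_random: Dict[bytes, bytes] = {}
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 3:
            continue
        label, key, secret = parts
        try:
            k, s = bytes.fromhex(key), bytes.fromhex(secret)
        except ValueError:
            continue
        if label == "RSA" and len(k) == 8 and len(s) == 48:
            rsa[k] = s
        elif label == "CLIENT_RANDOM" and len(k) == 32 and len(s) == 48:
            client_random[k] = s
    return rsa, client_random


def p_hash(secret: bytes, seed: bytes, length: int, digestmod: Callable = hashlib.sha256) -> bytes:
    """P_<hash> from RFC 5246 section 5: HMAC chain A(i) expanded to `length` bytes."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digestmod).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digestmod).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf_tls12(secret: bytes, label: bytes, seed: bytes, length: int,
              digestmod: Callable = hashlib.sha256) -> bytes:
    """TLS 1.2 PRF: a single P_<hash> over label + seed (no MD5/SHA-1 split as in TLS 1.0/1.1)."""
    return p_hash(secret, label + seed, length, digestmod)


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes,
                  digestmod: Callable = hashlib.sha256) -> bytes:
    return prf_tls12(premaster, b"master secret", client_random + server_random, 48, digestmod)


def lookup_master_secret(keylog_text: str, encrypted_premaster: bytes,
                         client_random: bytes, server_random: bytes) -> Optional[bytes]:
    """Return the session's master secret, or None if the log holds nothing for it."""
    rsa, crand = parse_keylog(keylog_text)
    if client_random in crand:                 # CLIENT_RANDOM lines already hold the master secret
        return crand[client_random]
    pre = rsa.get(encrypted_premaster[:8])     # RSA lines are keyed by the encrypted pre-master prefix
    if pre is None:
        return None
    return master_secret(pre, client_random, server_random)


if __name__ == "__main__":
    ms = lookup_master_secret(SAMPLE_KEYLOG, ENC_PREFIX + b"\x00" * 248, bytes(32), bytes(range(32)))
    print("master secret:", ms.hex() if ms else None)
```

The scan cost is linear in the log size on every ClientKeyExchange, exactly the trade-off the commit message accepts; a long-running capture with a large key log would want the parsed dictionaries cached and refreshed only when the file changes.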
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
- the StringInfo allocator may fail when a 0 data length is requested
- many wrong values into the cipher_suites table
- duplicated code for ssl session state checking before each
ssl_generate_keyring_material() call
- missing initialization of 'server_data_for_iv.data_len' and
'client_data_for_iv.data_len' in ssl_session_init()
From Jaap Keuter:
- Some code rationalisation
- Grammatical/factual corrections in output and comments
- Whitespace cleanup
svn path=/trunk/; revision=25684
- add ability to read server private key from encrypted PKCS#12 file
- use 0.0.0.0|any|ANY as a wildcard IP address (e.g. if one certificate is used on more than one server)
svn path=/trunk/; revision=23995
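Added example (not Wireshark's UAT code) of the key-list matching rules described in the two key-list commits above (revision 36875 and revision 23995): numeric IPv4/IPv6 addresses or hostnames, `0.0.0.0`/`any` matching any IPv4 or IPv6 server, `anyipv4`/`anyipv6` as version-specific wildcards, addresses converted only once, and field validation before an entry is accepted. The entries and the hostname table are constructed; the table stands in for DNS so the example runs offline.

```python
"""Key-list entry validation and server matching (added example)."""
import ipaddress
from functools import lru_cache
from typing import List, NamedTuple, Optional


class KeyEntry(NamedTuple):
    address: str    # numeric IPv4/IPv6, hostname, or 0.0.0.0 / any / anyipv4 / anyipv6
    port: int
    protocol: str   # protocol to hand the decrypted payload to, e.g. "http"
    keyfile: str    # server private key (PEM, or encrypted PKCS#12 per revision 23995)


WILDCARDS = ("any", "0.0.0.0", "anyipv4", "anyipv6")

# Constructed resolver table standing in for DNS.
HOSTS = {"mail.example.test": ["192.0.2.25", "2001:db8::25"]}


@lru_cache(maxsize=None)
def resolve_once(address: str) -> Optional[list]:
    """Convert an entry's address string to IP objects exactly once (cached per string).
    Wildcard keywords need no conversion and return None; an unknown hostname returns []."""
    a = address.strip().lower()
    if a in WILDCARDS:
        return None
    try:
        return [ipaddress.ip_address(a)]   # numeric; no fixed-size text buffer for IPv6
    except ValueError:
        return [ipaddress.ip_address(h) for h in HOSTS.get(a, [])]


def validate_entry(entry: KeyEntry) -> List[str]:
    """UAT-style field validation: return a list of problems (empty means the entry is valid)."""
    errors = []
    if not 0 < entry.port < 65536:
        errors.append(f"port {entry.port} out of range")
    if resolve_once(entry.address) == []:
        errors.append(f"unknown host {entry.address!r}")
    if not entry.keyfile:
        errors.append("key file is required")
    return errors


def entry_matches(entry: KeyEntry, server_ip: str, server_port: int) -> bool:
    if entry.port != server_port:
        return False
    ip = ipaddress.ip_address(server_ip)
    keyword = entry.address.strip().lower()
    if keyword in ("any", "0.0.0.0"):      # "any" means any IPv4 or any IPv6
        return True
    if keyword == "anyipv4":
        return ip.version == 4
    if keyword == "anyipv6":
        return ip.version == 6
    return ip in resolve_once(entry.address)


def find_key(entries: List[KeyEntry], server_ip: str, server_port: int) -> Optional[KeyEntry]:
    """First matching entry wins, so specific entries should precede wildcard ones."""
    return next((e for e in entries if entry_matches(e, server_ip, server_port)), None)


# Constructed sample key list.
SAMPLE_ENTRIES = [
    KeyEntry("192.0.2.10", 443, "http", "/keys/web-v4.pem"),
    KeyEntry("2001:db8::10", 443, "http", "/keys/web-v6.pem"),
    KeyEntry("mail.example.test", 993, "imap", "/keys/mail.p12"),
    KeyEntry("anyipv6", 8443, "http", "/keys/v6-only.pem"),
    KeyEntry("any", 8443, "http", "/keys/fallback.pem"),
]

if __name__ == "__main__":
    for ip, port in (("192.0.2.25", 993), ("198.51.100.1", 8443), ("192.0.2.10", 80)):
        hit = find_key(SAMPLE_ENTRIES, ip, port)
        print(ip, port, "->", hit.keyfile if hit else "no key")
```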
This patch updates the DTLS dissector to be compatible with OpenSSL 0.9.8f in
the following ways:
* Handle both SSL version number 0xfeff (RFC 4347 and OpenSSL 0.9.8f), and
0x100 (Used by OpenSSL 0.9.8e and earlier)
* Reassemble fragmented handshake messages.
svn path=/trunk/; revision=23369
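Added example (not Wireshark's DTLS dissector): a record-header parser that accepts both version encodings named above (0xfeff from RFC 4347 / OpenSSL 0.9.8f, 0x0100 from OpenSSL 0.9.8e and earlier) and a reassembler for fragmented handshake messages keyed by `message_seq` with `fragment_offset`/`fragment_length` (RFC 4347 section 4.2.2). Retransmitted and overlapping fragments are tolerated, since DTLS runs over a lossy transport. The fragment builder and the sample message are constructed for the example.

```python
"""DTLS record version handling and handshake reassembly (added example)."""
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

DTLS_VERSIONS = {
    0xFEFF: "DTLS 1.0 (RFC 4347, OpenSSL 0.9.8f)",
    0x0100: "pre-RFC DTLS (OpenSSL 0.9.8e and earlier)",
}


def parse_record_header(data: bytes) -> dict:
    """DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2)."""
    if len(data) < 13:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch = struct.unpack("!BHH", data[:5])
    sequence = int.from_bytes(data[5:11], "big")
    (length,) = struct.unpack("!H", data[11:13])
    if version not in DTLS_VERSIONS:
        raise ValueError(f"unsupported DTLS version 0x{version:04x}")
    return {"type": ctype, "version": DTLS_VERSIONS[version], "epoch": epoch,
            "sequence": sequence, "length": length}


class Fragment(NamedTuple):
    msg_type: int
    length: int        # length of the complete handshake message
    message_seq: int
    offset: int
    body: bytes


def parse_handshake_fragment(data: bytes) -> Fragment:
    """DTLS handshake header: msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)."""
    if len(data) < 12:
        raise ValueError("truncated DTLS handshake header")
    msg_type = data[0]
    length = int.from_bytes(data[1:4], "big")
    message_seq = int.from_bytes(data[4:6], "big")
    offset = int.from_bytes(data[6:9], "big")
    frag_len = int.from_bytes(data[9:12], "big")
    body = data[12:12 + frag_len]
    if len(body) != frag_len or offset + frag_len > length:
        raise ValueError("fragment does not fit inside its message")
    return Fragment(msg_type, length, message_seq, offset, body)


def build_fragments(msg_type: int, message_seq: int, message: bytes, max_body: int) -> List[bytes]:
    """Split a handshake message into encoded fragments (sender side, for the example)."""
    chunks = [message[i:i + max_body] for i in range(0, len(message), max_body)] or [b""]
    out, offset = [], 0
    for chunk in chunks:
        header = (bytes([msg_type]) + len(message).to_bytes(3, "big") + message_seq.to_bytes(2, "big")
                  + offset.to_bytes(3, "big") + len(chunk).to_bytes(3, "big"))
        out.append(header + chunk)
        offset += len(chunk)
    return out


class HandshakeReassembler:
    """Collect fragments per message_seq; return the full message once every byte is covered."""

    def __init__(self) -> None:
        self._pending: Dict[int, Tuple[bytearray, bytearray, int]] = {}

    def add(self, frag: Fragment) -> Optional[bytes]:
        buf, covered, msg_type = self._pending.setdefault(
            frag.message_seq, (bytearray(frag.length), bytearray(frag.length), frag.msg_type))
        if len(buf) != frag.length or msg_type != frag.msg_type:
            raise ValueError("fragment disagrees with earlier fragments of the same message_seq")
        end = frag.offset + len(frag.body)
        buf[frag.offset:end] = frag.body                 # duplicates/overlaps simply overwrite
        covered[frag.offset:end] = b"\x01" * len(frag.body)
        if all(covered):
            del self._pending[frag.message_seq]
            return bytes(buf)
        return None


if __name__ == "__main__":
    sample = bytes(range(40))                            # constructed 40-byte handshake body
    frags = [parse_handshake_fragment(f) for f in build_fragments(1, 3, sample, 16)]
    r = HandshakeReassembler()
    print([r.add(f) == sample for f in (frags[2], frags[0], frags[0], frags[1])])
```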
most have been tagged unused (a few have been deleted if the dissector has not been
modified in a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
now that it is no longer a static variable in packet-ssl-utils.h.
Leaving it as static caused a warning turned error that it was unused
in the current file (packet-ssl-utils.h). Resolution: Move the variable
to packet-ssl.c and declare as extern in packet-dtls.c - the only other
place that needs it.
svn path=/trunk/; revision=21161