Wireshark · Ethereal-dev: [Ethereal-dev] PCT cipher suites for SSL dissector

Ethereal-dev: [Ethereal-dev] PCT cipher suites for SSL dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Pasi Eronen <pasi.eronen@xxxxxxxx>

Date: Wed, 10 Apr 2002 18:25:04 +0300 (EET DST

Hi,

The attached file adds (some) cipher suites for Microsoft's
old PCT protocol to packet-ssl.c. The PCT protocol itself
is not supported, just the cipher suites in SSLv2 Client Hello
packets (Internet Explorer sends these cipher suites
if you select "Use PCT 1.0" from Advanced options).

Could someone take a look at it and commit it?

Best regards,

Pasi

-- 
Pasi Eronen                         E-mail pasi.eronen@xxxxxxxx
Nixu Oy                             Tel +358 50 5123499
Mäkelänkatu 91, 00610 Helsinki      Fax +358 9 4781030

*** packet-ssl.c.old	Wed Apr 10 18:21:46 2002
--- packet-ssl.c	Wed Apr 10 18:19:39 2002
***************
*** 267,270 ****
--- 267,281 ----
      { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
      { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+     /* Microsoft's old PCT protocol. These are from Eric Rescorla's
+        book "SSL and TLS" */
+     { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
+     { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
+     { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
+     { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
+     { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
+     { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
+     { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
+     { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
+     { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
      /* note that ciphersuites of {0x00????} are TLS cipher suites in
       * a sslv2 client hello message; the ???? above is the two-byte

This message has been 'sanitized'.  This means that potentially
dangerous content has been rewritten or removed.  The following
log describes which actions were taken.

Sanitizer (start="1018452309"):
  Split unusually long Date: header.
  Writer (pos="918"):
    Total modifications so far: 1

  Part (pos="1175"):
    SanitizeFile (filename="unnamed.txt", mimetype="TEXT/PLAIN"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="1836"):
    SanitizeFile (filename="packet-ssl.diff", mimetype="TEXT/PLAIN"):
      Match (rule="default"):
        Enforced policy: accept


Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $

Follow-Ups:
- Re: [Ethereal-dev] PCT cipher suites for SSL dissector
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] More OSPF filtering
Next by Date: Re: [Ethereal-dev] filter-expressions
Previous by thread: [Ethereal-dev] patch: add Capture/Restart
Next by thread: Re: [Ethereal-dev] PCT cipher suites for SSL dissector
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$