Wireshark-bugs: [Wireshark-bugs] [Bug 5963] Add decryption for resumed TLS sessions with a sessi
Date: Thu, 17 Nov 2011 10:57:05 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963

Stephen Mc Gowan <mcclown@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6409|0                           |1
        is obsolete|                            |
   Attachment #6410|0                           |1
        is obsolete|                            |
   Attachment #6411|0                           |1
        is obsolete|                            |
   Attachment #6412|0                           |1
        is obsolete|                            |

--- Comment #5 from Stephen Mc Gowan <mcclown@xxxxxxxxx> 2011-11-17 10:57:03 PST ---
Created an attachment (id=7434)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7434)
sample captures of https://www.google.com with tls_session_tickets enabled and
disabled in Firefox.

(In reply to comment #4)
> BTW  Your tracefile does not contain the original full TLS handshake, so even
> if this functionality was written, it would not help you in this case.  Could
> you post another tracefile with session resumption based on TLS tickets, but
> now also including the original full TLS handshake. When the code gets written,
> we can use that to test the code.

I thought I had included everything. Sorry about the delay, I missed this
response until now. Here's another two captures again. Both of these were ran
on two separate freshly built machines and these captures where the first thing
ran on these machines. The capture was run with a MAC filter for the local
machines and  I also waited for the tcp connections to close before ending the
capture so all packets should be in these captures.

The simplest way to open up these captures with the key file is to call
ireshark from the command line like this: 

wireshark.exe -o ssl.keylog_file:"<path to keyfile>" <path to pcap>

Let me know if there is anything else you need.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.