Wireshark-bugs: [Wireshark-bugs] [Bug 8075] The SSL dissector stops decrypting the SSL conversat
Evan Huus
changed
bug 8075
What |
Removed |
Added |
Status |
UNCONFIRMED
|
INCOMPLETE
|
CC |
|
eapache@gmail.com
|
Ever confirmed |
|
1
|
Comment # 2
on bug 8075
from Evan Huus
Bug #7950 probably isn't related - it has to do with reassembly within
correctly decrypted SSL conversations, where as this sounds like incorrectly
decrypted SSL conversations.
The fact that it's putting up a "Malformed Packet" error suggests that the SSL
dissector is trying to access memory past the end of a packet and is throwing
an exception (there are other things that could cause the same error, but that
is the most likely). This means one of the following is probably true:
1. there's a bug in the ssl dissector
2. there's an actual malformed packet
3. there's a non-ssl packet that's getting picked up as ssl, and is thus
appearing malformed
If it's 2 or 3 you may be able to tell by looking at the raw byte-level
contents of the first malformed packet - could somebody be incorrectly sending
unencrypted HTTP over that port for example?
The more likely case is 1, unfortunately in which case you'll have to attach an
example capture. Unfortunately we also likely need the decryption key to
reproduce, which you probably can't share.
Still, let me know what you find. I'm probably not the best person to look at
this, but if we get enough information I'll try to find someone who knows more
about our ssl decryption code.
You are receiving this mail because:
- You are watching all bug changes.