Wireshark-bugs: [Wireshark-bugs] [Bug 9616] use capture file comment to configure SSL dissector
Comment # 12
on bug 9616
from Dirk
I did not have the time to follow up on those initial suggestions. I also don't
think that my employer will allow me to spend time on making changes to pcap-ng
and then subsequently to Wireshark for this feature, as they have a solution
that works for them.
However one remark to comment #11: while the session key is ultimately used to
decrypt an SSL stream, it is almost never available for real world use. Without
special tricks, you don't know the session key used by a SSL client or server
implementation. Also capture files may be produced continuously (from network
tap appliances). When you analyze them you see that a SSL session was used.
You're typically able to get the SSL private key from the servers certificate
file and use it to decrypt your capture file, but you'll not be able to get the
session key, since these are not logged by default anywhere.
So if you want to make an extension for pcap-ng, it should support a session
key, as well as the private key (for SSL applications).
You are receiving this mail because:
- You are watching all bug changes.