Wireshark-bugs: [Wireshark-bugs] [Bug 10984] SSL Decrypted Packet Not Decoded As HTTP
Date: Mon, 23 Feb 2015 20:57:39 +0000

Comment # 9 on bug 10984 from
(In reply to Jeff Morriss from comment #8)
> (In reply to Alexis La Goutte from comment #6)
> > (In reply to Peter Wu from comment #5)
> > > By removing `ssl_dissector_add`, won't you disable the "spdy" protocol
> > > selection option at the RSA keys dialog?
> > 
> > After quick check... yes !
> > May be add (like HTTP2) with heur_dissector_add("ssl".... (and also add
> > option to disable SPDY Heuristic by default)
> 
> That doesn't make sense.  Or else my change
> I1b72bccd4c96c21c73a19fa2d87fe2c0b875a0fa was wrong.  My belief (when I made
> that change) was that any protocol registered by name (by calling
> *register_dissector()) can be used in the SSL keys UAT.

No, I think this is sane behavior. ssl_dissector_add() can be used to inform
the SSL dissector that the protocol can run over SSL. It is just that the
current implementation does unexpected things whenever multiple matches are
available.

I rarely use RSA keys in WS, the SSL keylog file is more convenient (when
available), so the protocol override in the UAT dialog is less useful for me.

As it stands now there are at least three protocols running over SSL on port
443: HTTP, HTTP2 and SPDY. ALPN and HTTP Upgrade partially helps, but wouldn't
it be great if you could override the automatically detected protocol via a
"Decode SSL As" option? ("Overrides the SSL Application Data protocol"). (I
have been thinking about this for a day, rejecting it because it work arounds
an issue in the dissector detection and because it does not scale for multiple
streams, but on the other hand it gives an easy way to override the dissector
set in the UAT dialog or things like SPDY/HTTP2 mixups).

For protocol hints, we could also use the idea described at
https://code.wireshark.org/review/7233


You are receiving this mail because:
  • You are watching all bug changes.