Wireshark-bugs: [Wireshark-bugs] [Bug 10984] SSL Decrypted Packet Not Decoded As HTTP
Date: Sun, 13 Sep 2015 22:41:42 +0000

Comment # 12 on bug 10984 from
(In reply to Jeff Morriss from comment #8)
> (In reply to Alexis La Goutte from comment #6)
> > (In reply to Peter Wu from comment #5)
> > > By removing `ssl_dissector_add`, won't you disable the "spdy" protocol
> > > selection option at the RSA keys dialog?
> > 
> > After quick check... yes !
> > May be add (like HTTP2) with heur_dissector_add("ssl".... (and also add
> > option to disable SPDY Heuristic by default)
> 
> That doesn't make sense.  Or else my change
> I1b72bccd4c96c21c73a19fa2d87fe2c0b875a0fa was wrong.  My belief (when I made
> that change) was that any protocol registered by name (by calling
> *register_dissector()) can be used in the SSL keys UAT.

ssl_dissector_add seems overloaded with two functions:
 - add tcp.port/udp.port mapping to SSL/DTLS dissectors
 - add an "asssociation" to make the SSL dissector recognize the protocol
(similar to "app_handle").

The "association" stuff is overloaded with multiple meanings:
 - official/common ports (IANA registration such as http, smtp)
 - port number based on protocol preference (e.g. http.ssl.ports)
 - port number based on UAT dialog (yes, it is not just bound to a single
address).

For the last point, I think that I'll consider splitting the UAT dialog into
one for certs+pw (and use a detection on the Certificate handshake message
instead of address+port) and extend DecodeAs to support SSL.

The above patch is bandaid to fix this situation for now.


You are receiving this mail because:
  • You are watching all bug changes.