Wireshark-bugs: [Wireshark-bugs] [Bug 10984] SSL Decrypted Packet Not Decoded As HTTP
Comment # 12
on bug 10984
from Peter Wu
(In reply to Jeff Morriss from comment #8)
> (In reply to Alexis La Goutte from comment #6)
> > (In reply to Peter Wu from comment #5)
> > > By removing `ssl_dissector_add`, won't you disable the "spdy" protocol
> > > selection option at the RSA keys dialog?
> >
> > After quick check... yes !
> > May be add (like HTTP2) with heur_dissector_add("ssl".... (and also add
> > option to disable SPDY Heuristic by default)
>
> That doesn't make sense. Or else my change
> I1b72bccd4c96c21c73a19fa2d87fe2c0b875a0fa was wrong. My belief (when I made
> that change) was that any protocol registered by name (by calling
> *register_dissector()) can be used in the SSL keys UAT.
ssl_dissector_add seems overloaded with two functions:
- add tcp.port/udp.port mapping to SSL/DTLS dissectors
- add an "asssociation" to make the SSL dissector recognize the protocol
(similar to "app_handle").
The "association" stuff is overloaded with multiple meanings:
- official/common ports (IANA registration such as http, smtp)
- port number based on protocol preference (e.g. http.ssl.ports)
- port number based on UAT dialog (yes, it is not just bound to a single
address).
For the last point, I think that I'll consider splitting the UAT dialog into
one for certs+pw (and use a detection on the Certificate handshake message
instead of address+port) and extend DecodeAs to support SSL.
The above patch is bandaid to fix this situation for now.
You are receiving this mail because:
- You are watching all bug changes.