Wireshark · Wireshark-dev: [Wireshark-dev] Embed SSL keylog file in pcap-ng

Wireshark-dev: [Wireshark-dev] Embed SSL keylog file in pcap-ng

From: Ben Higgins <ben@xxxxxxxxxxxx>

Date: Thu, 3 May 2018 16:13:33 -0700

Hey,

We're pretty interested in embedding SSL key log information into pcap-ng to make it really convenient to open up a single file and get SSL/TLS sessions decrypted.

I looked around and found a ticket and some wiki content related to this subject:

- "use capture file comment to configure SSL dissector" is at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9616

- https://wiki.wireshark.org/Development/PcapNg#Wishlist includes "SSL session keys" with a description and a link to the above ticket

- and there's https://wiki.wireshark.org/DecryptionBlock -- what's described here is sounds really cool but in practice might be pretty tricky to implement

What I'd like to do is instead create a new pcap-ng block type that we can put SSL keylog file contents into verbatim. Then we can leverage existing code in Wireshark for parsing keylog files. I'd also rather keep this scoped to keylog files and not private keys (since private keys are longer term secrets and are more sensitive to deal with and everything's heading toward PFS anyway).

Any thoughts on this proposal? If folks are open to this approach then we'd be interested in writing up a patch.

Thanks!

Ben

Follow-Ups:
- Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
  - From: Paul Zander
- Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
  - From: Peter Wu
- Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
  - From: Ahmad Fatoum

Prev by Date: Re: [Wireshark-dev] wiretap function wtap_open_offline fails with SIGSEGV
Next by Date: Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
Previous by thread: Re: [Wireshark-dev] wiretap function wtap_open_offline fails with SIGSEGV
Next by thread: Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
Index(es):
- Date
- Thread