Wireshark-users: Re: [Wireshark-users] Does wireshark decode TLS_DHE_RSA_WITH_AES_256_CBC_SHA usi
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Thu, 21 Feb 2008 16:38:14 +0100
On Thu, Feb 21, 2008 at 12:21:42PM +0100, Sake Blok wrote:
> > then i did some gooleing to find intresting stuff about ephemeral keys 
> > cannot be decrypted.
> > please let me know if TLS_DHE_RSA_WITH_AES_256_CBC_SHA ( AES 256 bit 
> > Encryption ) can be decrypted using wireshark/tshark.
> 
> Unfortunately by the nature of the Diffie Hellman (DH) key exchange
> it is not possible to decode any cipher that uses DH to setup 
> the keys. So the cipher you are using can not be decrypted
> by Wireshark (the _DHE_ in the cipher indicates a DH key exchange).
> 
> If you are able to restrict your cipherlist, you can force
> ssl to use a cipher that *can* be decrypted by Wireshark.

Or you need to provide the DH-keys and enhance Wireshark to use them (or
find someone to do that).

 ciao
       Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.