Wireshark-users: Re: [Wireshark-users] Does wireshark decode TLS_DHE_RSA_WITH_AES_256_CBC_SHA usi
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 21 Feb 2008 17:13:41 +0100
On Thu, Feb 21, 2008 at 04:38:14PM +0100, Joerg Mayer wrote:
> On Thu, Feb 21, 2008 at 12:21:42PM +0100, Sake Blok wrote:
> > > then i did some gooleing to find intresting stuff about ephemeral keys 
> > > cannot be decrypted.
> > > please let me know if TLS_DHE_RSA_WITH_AES_256_CBC_SHA ( AES 256 bit 
> > > Encryption ) can be decrypted using wireshark/tshark.
> > 
> > Unfortunately by the nature of the Diffie Hellman (DH) key exchange
> > it is not possible to decode any cipher that uses DH to setup 
> > the keys. So the cipher you are using can not be decrypted
> > by Wireshark (the _DHE_ in the cipher indicates a DH key exchange).
> > 
> > If you are able to restrict your cipherlist, you can force
> > ssl to use a cipher that *can* be decrypted by Wireshark.
> 
> Or you need to provide the DH-keys and enhance Wireshark to use them (or
> find someone to do that).

I was under the impression that these DH-keys within SSL randomly created 
when the ssl-session is being setup? In which case providig them to 
Wireshark is not possible...

Cheers,
    Sake