Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures

Date: Thu, 30 Apr 2009 00:07:35 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444





--- Comment #7 from Sake <sake@xxxxxxxxxx>  2009-04-30 00:07:11 PDT ---
(In reply to comment #6)
> I guess, it is not necessary (and useful) to save all decrypted data.
> It should be enough to save master key, server IP:port, client IP:port for each
> session.
> Then the Wireshark should be able to decrypt SSL without server private key.

That's a great idea Tomas, why don't we implement it something like this:

1) add a preference to point to a master-key output file
2) write all the srcip:sport,dstip:dport,naster-key entries found in the
tracefile to this master-key output file
3) make the private key reader routine aware of this master-key output format
and read the master-keys into a list/array
4) additionally use this list/array to find keys to decrypt

This was you can provide the capture file and the master-key list, which only
contains decryption info specific for the sessions in the trace file, but not
for new traffic towards the ssl host.

This would also pave the way for decrypting traffic that was using a DH cipher,
as long as the client or server is capable of logging the master-keys (as was
mentioned earlier on one of the mailing lists).

No all we need to do is find time to implement this :-)


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.