https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4321
Sake <sake@xxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
Summary|SSL module unable to |SSL module unable to
|support low grade crypto |decrypt DH ciphers
--- Comment #1 from Sake <sake@xxxxxxxxxx> 2009-12-14 13:43:45 PST ---
The problem is not the low-grade cipher. It is the fact that the chosen cipher
is a DH cipher. When a DH cipher is used, the pre-master secret is not
transmitted encrypted using the server's public key from the certificate (which
is why providing the server private key makes it possible to decrypt SSL
traffic. Instead the client and server generate keying meterial dynamically,
only known to them and wireshark is not able to decrypt the traffic.
The only way to solve this is to have either the client or the server export
the chosen keying material. Once there are applications or libraries that
export the keying material, wireshark could be enhanced to also read the keying
material to decrypt the traffic.
As for now I will close this bug as Invalid...
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
