Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures
Date: Tue, 7 Jun 2011 19:28:02 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444

[email protected] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #23 from [email protected] 2011-06-07 19:27:58 PDT ---
> OK, done :-)
> 
> It has been included in SVN 37446, so if you want to test it, go ahead and
> build your own or download an automated build from
> http://www.wireshark.org/download/automated/
> 
> You can now choose "File -> Export -> SSL Session Keys..." and save the keyring
> information of all the decrypted sessions in the tracefile.
> 
> When you want to decrypt SSL traffic in that particular trace file without the
> private key, point to the exported keys file in the SSL protocol preferences
> (At: (Pre-)Master-Secret log filename).
> 
> Please test and report your findings :-)

Feature works great for SSL sessions where the server supports session
reuse/caching. This is awesome and will come in very handy.  However, there are
situations where the server/device may not cache sessions and the session id
field is not present, likewise session id length is 0. When this occurs the
exported SSL session keys error out in import/capture load with the error:
"rejecting line due to bad format"  presumably because there is no key
following the RSA Session-ID: field.

This may be expected but I wanted to mention it just in case.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.