Hi!
I've a question about the cipher TLS_RSA_CAMELLIA_256_CBC_SHA1 (Wireshark
version 1.8.4): assuming that I have the RSA private key (.pem) file associated to the server certificate,
does Wireshark support the decryption of a SSL session which uses the mentioned cipher suite?
When I try to decrypt a pcap log containing that kind of SSL session, I get the following error:
"dissect_ssl3_hnd_srv_hello can't find cipher suite 0x84".
At the beginning I've thought the problem was related to GnuTLS, so I've recompiled it enabling
the support for camellia.
Nevertheless I've kept receiving the same error message, so I've traced the execution flow of this error case and I've managed to understand that in
'dissect_ssl3_hnd_srv_hello()' (contained in epan/dissectors/packet-ssl.c), 'ssl_find_cipher()' returns a negative value.
This second function fails because it can't succeed in finding out the current cipher number (132 in my case) when it looks up in 'cipher_suites',
the static array defined in epan/dissectors/packet-ssl-utils.c .
Since TLS_RSA_CAMELLIA_256_CBC_SHA1 isn't specified in 'cipher_suites', does it means that the cipher is not supported?
If yes, is there a flag to enable it at compile time ?
Thanks in advance.
Luca
