Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension

Date: Fri, 15 Apr 2016 13:10:31 +0000 (UTC)
Guys,

Thanks all for your support.   We will give this back to the community when it is all working OK.

I am working with the TLS group at IETF & things are quite unstable at the moment with TLS1.3.  But, it will be good to have a dissector for the new record types & extensions.   Having said that, things are changing, if not daily, then quite often.

If anyone wants to, I am happy to talk at SharkFest.
 
Thanks,

Nalini Elkins
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360



From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Cc: nalini.elkins@xxxxxxxxxxxxxxxxxx
Sent: Friday, April 15, 2016 2:05 AM
Subject: Re: [Wireshark-dev] Decoding New TLS CLient Hello Extension



On 15 April 2016 at 02:24, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
[Resending with the list in Cc:; I'm not sure why gmail's web interface decided to drop the list when I hit reply.]

On Thu, Apr 14, 2016 at 3:48 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:


On Thu, Apr 14, 2016 at 3:07 PM, <nalini.elkins@xxxxxxxxxxxxxxxxxx> wrote:

>Your best path forward would likely be to just modify the SSL dissector's C code; ideally you could then push that code to Wireshark so future versions will dissect the extension too.

Sure.  Happy to do that (once it all works!) but I was having trouble finding where that SSL dissector's C code actually was.  It looks like it may be invoking gnutls libraries?  Thanks for your help.



I think the TLS client extension stuff is in packet-ssl-utils.c, in function ssl_dissect_hnd_hello_ext().



--
Graham Bloice