Hi Tomas,
You have added the ssl_set_master_secret() method long time ago and
claim that it is was still being used in 2014:
https://www.wireshark.org/lists/wireshark-dev/201403/msg00168.html
Is this still the case? Is there any reason why you cannot use the SSL
Keylog file mechanism (preference ssl.keylog_file,
https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret)? This
method allows you to to specify the keys for a full session (though it
does not allow you to set the sequence number).
The problem with this function is maintenance and inflexibility to move
forward. At the moment I am reworking how the IV size is calculated, but
due to this weird function I am kind of forced to expose symbols from
the ssl-utils file. At times other internal changes are made, but since
there are no tests it is not clear whether this functions still works or
not (these are maintenance issues).
With upcoming TLS 1.3, the fixed-length master secret is also gone.
Instead you have a traffic secret with the length equal to the cipher
suite's hash function. Even with this key you will still not be able to
decrypt the handshake (flexibility issues).
If there are no objections, I will remove this function in version 2.4.
If you still use it, please clarify the requirements (supported TLS
versions, whether you really need to start decryption at arbitrary
positions, etc.).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
