Wireshark-dev: [Wireshark-dev] Issue with decrypting renegotiation handshake
From: Anil <[email protected]>
Date: Fri, 23 Sep 2016 18:50:26 +0530
Hi,

wireshark is not able to decrypt Renegotiation Handshake if the cipher used is of type ECDHE/DHE
(ephemeral diffe hellman)

we have used the (Pre)-Master-Secret log filename option

this is the format of the above log filename

CLIENT_RANDOM 0c6b1d700b7a8636a3a90d4a29f2503422ee4ed74bac577eeba2c398492a70a0 8b690ee58c10a23d892d9a591ac98ce95c6e3b8df4fa95505a87368caf73e91ed1bc5e3d27fd8cfbfcaad2689447e425
CLIENT_RANDOM 203ce15b76e06e32fcb34e7856c07da95e08ee53f1d3b4fe25136254dbaf1ef4 eadd8b89504e2c2b6ad91479f1c30addc701ded96a6e8abef3a6e8d872f435fae096a81d556bee65a812860364e2bc60

where,
first CLIENT_RANDOM is of Initial Handshake
second CLIENT_RANDOM is of Reneg Handshake

--Anil