We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] Problem deciphering an openssl stream

From: Philippe Fremy <phil@xxxxxxxxxxxxxxx>
Date: Mon, 11 Oct 2010 13:47:39 +0200
kolos_ws@xxxxxxxx wrote:
> Hi Philippe,
>> Very interesting documentation. Certainly worth adding to the SSL
>> wiki page.
>> Is there any way I can validate that my client is using a DH algorithm ?
>> I looked at the trace again, the thing that looks like choosing the
>> protocol is the following :
>> TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
>>     Content Type: Change Cipher Spec (20)
>>     Version: TLS 1.0 (0x0301)
>>     Length: 1
>>     Change Cipher Spec Message
>> But it does not mention any protocol names. Nor does it in the debug
>> log.
> In the trace, look at the Server Hello.
> It should contain something like 'Cipher Suite'.
> I've just done a quick test, and for me, it looks like:
> "Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"
Handshake Protocol: Server Hello
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

I don't see any DH here, so maybe that's not the problem.

> If you're using Firefox as your client, you can view what it's
> configured to use by typing 'about:config' in your address bar.

It's a SOAP call done from a python soap implementation. I should be
able to configure it somewhere but I am not sure of what I should put.