Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Ciphersuites supported by TLS/SSL decoding

From: "Gotthard, Petr" <Petr.Gotthard@xxxxxxxxxxxxx>
Date: Tue, 16 Jun 2015 10:26:31 +0000

Hello,

 

the Wireshark users (including myself) often struggle with the TLS/SSL decoding capability in Wireshark-- after doing proper configuration they are still unable to see the decoded data. This is often because Wireshark can decode only some ciphersuites.

 

I didn’t find any “deterministic” documentation on this aspect. It may be nice to provide some guidance on what ciphersuites are (and what are not) supported so that the TLS/SSL decoding can be enabled in a straightforward way. This can be done by disabling the unsupported ciphersuites (or enabling only the supported ciphersuites) in the client/server, so that only the ciphersuites supported by Wireshark are negotiated.

 

My understanding is that wireshark does not support the "Ephemeral" ciphersuites, i.e. any Diffie-Hellman Ephemeral (DHE/EDH) or RSA Ephemeral cipher suite must not be negotiated. I'm not sure there are any "RSA Emphemeral" suites as another article said that this is not practically used. However, there are many TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites.

 

Do you concur with these statements? Will disabling of the TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites guaratntee that only the ciphersuites supported by Wireshark are negotiated?

 

 

Kindest Regards,

Petr