Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Ciphersuites supported by TLS/SSL decoding

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: masonke <masonke@xxxxxxxxx>
Date: Tue, 16 Jun 2015 11:55:08 -0400
Diffie Hellman key exchange does not pass the prime numbers across the wire. That prevents Wireshark, or any other party from decoding the conversation.

It isn’t a support issue as much as DH key exchanges are built to prevent eavesdropping. The tradeoff is a higher resource on the end points
~KEM

On Jun 16, 2015, at 06:26, Gotthard, Petr <Petr.Gotthard@xxxxxxxxxxxxx> wrote:

Hello,
 
the Wireshark users (including myself) often struggle with the TLS/SSL decoding capability in Wireshark-- after doing proper configuration they are still unable to see the decoded data. This is often because Wireshark can decode only some ciphersuites.
 
I didn’t find any “deterministic” documentation on this aspect. It may be nice to provide some guidance on what ciphersuites are (and what are not) supported so that the TLS/SSL decoding can be enabled in a straightforward way. This can be done by disabling the unsupported ciphersuites (or enabling only the supported ciphersuites) in the client/server, so that only the ciphersuites supported by Wireshark are negotiated.
 
My understanding is that wireshark does not support the "Ephemeral" ciphersuites, i.e. any Diffie-Hellman Ephemeral (DHE/EDH) or RSA Ephemeral cipher suite must not be negotiated. I'm not sure there are any "RSA Emphemeral" suites as another article said that this is not practically used. However, there are many TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites.
 
Do you concur with these statements? Will disabling of the TLS_DHE_xxx and TLS_ECDHE_xxx ciphersuites guaratntee that only the ciphersuites supported by Wireshark are negotiated?
 
 
Kindest Regards,
Petr
 
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube