> From: owner-openssl-us...@openssl.org On Behalf Of Nayna Jain > Sent: Friday, 18 January, 2013 14:52
> I have been trying [wireshark]. it shows handshake for TLSv1 for > some sites and not for others. > It works for me on all sites. Note wireshark usually selects the protocol to decode by port number; if you are using a nonstandard port number (on any site) it may not be recognized as SSL/TLS. Right-click a packet in the packet list pane, DecodeAs, make sure the tab for "transport TCP port(s)" shows the correct port(s), and choose SSL from the list. > I might be using it wrong.. but am not also sure if it > supports analyzing https by default.. > wireshark can decode the protocol "above" SSL only if it can decrypt the SSL data and thus see the higher level protocol, be it HTTP, SMTP, etc. This is true in only two cases: - if the SSL connection uses akRSA and you have (a copy of) the server private key (apparently in either OpenSSL traditional PEM_write_RSAPrivateKey format, *not* encrypted) or PKCS12 format. (The dialog allows you to enter password, but apparently that password is used only for PKCS12 NOT RSAPrivateKey.) Configure the key, and the address/port(s) to which it applies, in Edit/Preferences/SSL. - for recent versions according to doc (I haven't used yet) if you have the *session* master or possibly premaster, apparently as printed out by openssl s_client (but why would you need to decrypt a session you did with s_client, you already know the plaintext of that??). ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
