> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Jeffrey Walton
> Sent: Tuesday, 04 March, 2014 13:43
> 
> On Tue, Mar 4, 2014 at 1:33 PM, Viktor Dukhovni
> <openssl-us...@dukhovni.org> wrote:
> >
> > The wireshark gui decodes SSL handshakes everywhere I've tried it,
> > but you have to have the right compile-time options, and ask it to
> > decode as ssl.
> Here's what I got on two different machines:
> http://postimg.org/image/wxxfx0exd/.
> 
> Perhaps I have missed a Wireshark configuration option somewhere (most
> of the time, it's port 443 so everything works as expected).

Open the Analyze menu (or right-click on a packet in the upper frame), select 
"Decode as...", and pick SSL from the list.

Note that Wireshark is only able to decode encrypted traffic under fairly 
stringent conditions: it needs an RSA-keyed cipher suite, it has to be built 
with the appropriate support, it has to be built to use GnuTLS rather than 
OpenSSL or BSAFE as its SSL/TLS library, and it has to have access to the 
server's private key. But even without all that it can decode the unencrypted 
portions of the flows.

The Wireshark documentation is decent. See http://wiki.wireshark.org/SSL to 
start; the wireshark.org search function finds a lot more information about 
SSL/TLS dissection.

-- 
Michael Wojcik
Technology Specialist, Micro Focus
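
As an added example (not part of the original message, and not Wireshark code): a Python check of the first condition above, reading "RSA-keyed" as RSA key exchange, that parses a ServerHello record and reports whether the negotiated suite is one the server's private key alone can decrypt. The suite tables are a small subset, and `sample_hello` builds constructed test records.

```python
import struct

# RSA key transport: the premaster secret is encrypted to the server's RSA
# key, so the server's private key alone recovers the session keys.
RSA_KEY_TRANSPORT = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Ephemeral (EC)DHE: RSA only signs the exchange, so the key does not decrypt.
EPHEMERAL = {
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite id chosen in a TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                      # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                     # skip the length-prefixed session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def private_key_decrypts(record: bytes):
    """(True, name) only for the listed RSA key-transport suites, else (False, name)."""
    suite = negotiated_suite(record)
    if suite in RSA_KEY_TRANSPORT:
        return True, RSA_KEY_TRANSPORT[suite]
    return False, EPHEMERAL.get(suite, "unlisted suite 0x%04X" % suite)

def sample_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed TLS 1.0 ServerHello record (zeroed random) for the demo."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    msg = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    for suite in (0x002F, 0xC013):
        print(private_key_decrypts(sample_hello(suite)))
```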



