> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Jeffrey Walton
> Sent: Tuesday, 04 March, 2014 13:43
>
> On Tue, Mar 4, 2014 at 1:33 PM, Viktor Dukhovni
> <openssl-us...@dukhovni.org> wrote:
> >
> > The wireshark gui decodes SSL handshakes everywhere I've tried it,
> > but you have to have the right compile-time options, and ask it to
> > decode as ssl.
> Here's what I got on two different machines:
> http://postimg.org/image/wxxfx0exd/.
>
> Perhaps I have missed a Wireshark configuration option somewhere (most
> of the time, it's port 443 so everything works as expected).

Open the Analyze menu (or right-click on a packet in the upper frame), select "Decode as...", and pick SSL from the list.

Note that Wireshark is only able to decode encrypted traffic under fairly stringent conditions: it needs an RSA-keyed cipher suite, it has to be built with the appropriate support, it has to be built to use GnuTLS rather than OpenSSL or BSAFE as its SSL/TLS library, and it has to have access to the server's private key. But even without all that it can decode the unencrypted portions of the flows.

The Wireshark documentation is decent. See http://wiki.wireshark.org/SSL to start; the wireshark.org search function finds a lot more information about SSL/TLS dissection.

-- 
Michael Wojcik
Technology Specialist, Micro Focus
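
As an added example (not part of the original message, and not Wireshark's code): the ServerHello is one of the unencrypted portions of the flow, and it names the negotiated cipher suite, so it shows whether the server's private key could help with decryption at all. The code reads "RSA-keyed" as RSA key exchange (TLS_RSA_* suites), which is an assumption; the function names and the sample record are constructed here.

```python
import struct

# Illustrative subset of IANA cipher suite IDs -> (name, key exchange).
SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def parse_server_hello(record: bytes) -> dict:
    """Read the cleartext ServerHello carried in a single TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 4:
        raise ValueError("truncated record")
    if body[0] != 0x02:                    # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len or hs_len < 35: # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                   # skip the session id
    if len(hello) < off + 3:               # cipher suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    suite_id = int.from_bytes(hello[off:off + 2], "big")
    name, kx = SUITES.get(suite_id, ("unknown", "unknown"))
    # Assumption (reading of "RSA-keyed"): only RSA key exchange lets the
    # server's private key recover session keys; DHE/ECDHE/unknown -> False.
    return {"version": (hello[0], hello[1]), "suite_id": suite_id,
            "suite": name, "key_exchange": kx,
            "decryptable_with_server_key": kx == "RSA"}

def build_sample(suite_id: int) -> bytes:
    """Constructed ServerHello: TLS 1.0, zero random, empty session id."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite_id) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sid in (0x002F, 0xC013):
        print(parse_server_hello(build_sample(sid)))
```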