Re: [Wireshark-dev] [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block

On Sun, Sep 30, 2018 at 10:47 AM Peter Wu wrote: > Hi all, > > Earlier this year, Ben Higgins proposed a new pcapng block to store > SSL/TLS session secrets that would allow users to enable decryption of > packet traces without further configuration. I would like to solicit for

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

in everything needed for Wireshark to decrypt its contents. Today, the user has to jump through some hoops (either clicking through dialog boxes or knowing the (perhaps undocumented?) command-line option) to select a keylog file. We want to improve on that experience. Ben Good luck and best regards,

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

On Friday, May 18, 2018, Guy Harris wrote: > On May 18, 2018, at 6:08 PM, Ben Higgins wrote: > > > Sounds like it'd still be fine for there to be multiple keylog blocks, > > Yes. > > > but, as you say, they must occur before any packets that require the >

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

On Fri, May 18, 2018 at 6:02 PM, Guy Harris wrote: > On May 18, 2018, at 5:51 PM, Peter Wu wrote: > > > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > > > >> One thing I'm unclear on is how to trigger a reparse of previously > >>

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

On Fri, May 18, 2018 at 5:51 PM, Peter Wu wrote: > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote: > > Hey folks, > > > > Here's what I'm thinking at this point: a new block type for SSL/TLS > > keylogs and another block type for DTLS keylogs. T

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

Hey folks, Here's what I'm thinking at this point: a new block type for SSL/TLS keylogs and another block type for DTLS keylogs. The contents of each will be the format as described here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format Any number of these blocks can b

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

> Regards, > > Paul Zander > > > > > > *From:* Wireshark-dev *On Behalf Of > *Ben Higgins > *Sent:* vrijdag 4 mei 2018 01:14 > *To:* wireshark-dev@wireshark.org > *Subject:* [Wireshark-dev] Embed SSL keylog file in pcap-ng > > > > Hey, >

Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

On Fri, May 4, 2018 at 1:15 AM, Peter Wu wrote: > Hi Ben, > > On Thu, May 03, 2018 at 04:13:33PM -0700, Ben Higgins wrote: > > We're pretty interested in embedding SSL key log information into pcap-ng > > to make it really convenient to open up a single file an

[Wireshark-dev] Embed SSL keylog file in pcap-ng

Hey, We're pretty interested in embedding SSL key log information into pcap-ng to make it really convenient to open up a single file and get SSL/TLS sessions decrypted. I looked around and found a ticket and some wiki content related to this subject: - "use capture file comment to configure SSL