Hey,
We're pretty interested in embedding SSL key log information into pcap-ng
to make it really convenient to open up a single file and get SSL/TLS
sessions decrypted.
I looked around and found a ticket and some wiki content related to this
subject:
- "use capture file comment to configure SSL
On Fri, May 4, 2018 at 1:15 AM, Peter Wu wrote:
> Hi Ben,
>
> On Thu, May 03, 2018 at 04:13:33PM -0700, Ben Higgins wrote:
> > We're pretty interested in embedding SSL key log information into pcap-ng
> > to make it really convenient to open up a single file an
> Regards,
>
> Paul Zander
>
>
>
>
>
> *From:* Wireshark-dev *On Behalf Of
> *Ben Higgins
> *Sent:* vrijdag 4 mei 2018 01:14
> *To:* wireshark-dev@wireshark.org
> *Subject:* [Wireshark-dev] Embed SSL keylog file in pcap-ng
>
>
>
> Hey,
>
Hey folks,
Here's what I'm thinking at this point: a new block type for SSL/TLS
keylogs and another block type for DTLS keylogs. The contents of each will
be the format as described here:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Any number of these blocks can b
On Fri, May 18, 2018 at 5:51 PM, Peter Wu wrote:
> On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote:
> > Hey folks,
> >
> > Here's what I'm thinking at this point: a new block type for SSL/TLS
> > keylogs and another block type for DTLS keylogs. T
On Fri, May 18, 2018 at 6:02 PM, Guy Harris wrote:
> On May 18, 2018, at 5:51 PM, Peter Wu wrote:
>
> > On Fri, May 18, 2018 at 11:44:12AM -0700, Ben Higgins wrote:
> >
> >> One thing I'm unclear on is how to trigger a reparse of previously
> >>
On Friday, May 18, 2018, Guy Harris wrote:
> On May 18, 2018, at 6:08 PM, Ben Higgins wrote:
>
> > Sounds like it'd still be fine for there to be multiple keylog blocks,
>
> Yes.
>
> > but, as you say, they must occur before any packets that require the
>
in everything needed for
Wireshark to decrypt its contents. Today, the user has to jump through some
hoops (either clicking through dialog boxes or knowing the (perhaps
undocumented?) command-line option) to select a keylog file. We want to
improve on that experience.
Ben
Good luck and best regards,
On Sun, Sep 30, 2018 at 10:47 AM Peter Wu wrote:
> Hi all,
>
> Earlier this year, Ben Higgins proposed a new pcapng block to store
> SSL/TLS session secrets that would allow users to enable decryption of
> packet traces without further configuration. I would like to solicit for
