I seem to be able to decrypt SSL sessions by following the http://wiki.wireshark.org/SSL HOWTO for Safari, but not for Opera or Chrome. To test this I have a very simple java server available at https://github.com/bblfish/TLS_test I posted a bug report on this https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5423 Go and vote for that bug. It's important for the web if it is going to be secure and allow us to have https everywhere that Wireshark function well on all browsers. http://www.eff.org/deeplinks/2010/10/message-firesheep-baaaad-websites-implement (Or let me know what I am doing wrong! :-) asked 20 Nov '10, 09:03  bblfish |
One Answer:
I checked the Opera capture file in the bugreport and it shows that a Diffie Hellman cipher has been chosen. By the nature of the DH protocol, decryption will not work without supplying the keying material that is dynamically created. You can restrict the list of acceptable ciphers to circumvent this problem. answered 20 Nov '10, 09:12  SYN-bit ♦♦ |
Thanks a lot SYNbit. That will help me debug my server at least.
I'll respond further on the bug report.