This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi everyone!

Does Wireshark support ssl RSA-CAMELLIA cipher decryption? I'm trying to decrypt a pcap log (with the well known RSA private key) of a https session between Firefox and my local server and I got the following error:

dissect_ssl3_hnd_srv_hello can't find cipher suite 0x84

Now, cipher suite number 0x84 is: TLS_RSA_CAMELLIA_256_CBC_SHA1

So do I have to specify any flag during the building of the programm to enable camellia?

Thanks in advance, fex.

asked 30 Jan '13, 02:45

fex's gravatar image

fex
26113
accept rate: 0%

My wireshark version: 1.8.3 with GnuTLS 2.12.20 (-> GnuTLS 2.8.1). My GnuTLS is compiled with camellia support.

(30 Jan '13, 03:36) fex

Wireshark currently (1.10.2) does not support Camellia ciphers. After hitting this issue too, I decided to fix it. The resulting patch can be found on the Wireshark bugtracker: Bug 9144 - [PATCH] Support for Camellia ciphers.

permanent link

answered 12 Sep '13, 17:03

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

edited 12 Sep '13, 23:50

According to the definition in epan/dissectors/packet-ssl-utils.c:cipher_suites[] the mentioned cipher suite (0x84) is not defined. Maybe it is sufficient to add it to the list of cipher_suites and recompile Wireshark, but I have not checked if that would work. I believe there is more to do than just that ....

Regards
Kurt

permanent link

answered 30 Jan '13, 12:25

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 30 Jan '13, 12:27

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×11
×1

question asked: 30 Jan '13, 02:45

question was seen: 3,126 times

last updated: 12 Sep '13, 23:50

p​o​w​e​r​e​d by O​S​Q​A