Hi everyone! Does Wireshark support ssl RSA-CAMELLIA cipher decryption? I'm trying to decrypt a pcap log (with the well known RSA private key) of a https session between Firefox and my local server and I got the following error: dissect_ssl3_hnd_srv_hello can't find cipher suite 0x84 Now, cipher suite number 0x84 is: TLS_RSA_CAMELLIA_256_CBC_SHA1 So do I have to specify any flag during the building of the programm to enable camellia? Thanks in advance, fex. asked 30 Jan '13, 02:45  fex |
2 Answers:
Wireshark currently (1.10.2) does not support Camellia ciphers. After hitting this issue too, I decided to fix it. The resulting patch can be found on the Wireshark bugtracker: Bug 9144 - [PATCH] Support for Camellia ciphers. answered 12 Sep '13, 17:03  Lekensteyn edited 12 Sep '13, 23:50 |
According to the definition in epan/dissectors/packet-ssl-utils.c:cipher_suites[] the mentioned cipher suite (0x84) is not defined. Maybe it is sufficient to add it to the list of cipher_suites and recompile Wireshark, but I have not checked if that would work. I believe there is more to do than just that .... Regards answered 30 Jan '13, 12:25  Kurt Knochner ♦ edited 30 Jan '13, 12:27 |
My wireshark version: 1.8.3 with GnuTLS 2.12.20 (-> GnuTLS 2.8.1). My GnuTLS is compiled with camellia support.