This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLS\_RSA\_CAMELLIA\_256\_CBC\_SHA decryption

1

Hi everyone!

Does Wireshark support ssl RSA-CAMELLIA cipher decryption? I'm trying to decrypt a pcap log (with the well known RSA private key) of a https session between Firefox and my local server and I got the following error:

dissect_ssl3_hnd_srv_hello can't find cipher suite 0x84

Now, cipher suite number 0x84 is: TLS_RSA_CAMELLIA_256_CBC_SHA1

So do I have to specify any flag during the building of the programm to enable camellia?

Thanks in advance, fex.

asked 30 Jan '13, 02:45

fex's gravatar image

fex
26113
accept rate: 0%

My wireshark version: 1.8.3 with GnuTLS 2.12.20 (-> GnuTLS 2.8.1). My GnuTLS is compiled with camellia support.

(30 Jan '13, 03:36) fex

2 Answers:

2

Wireshark currently (1.10.2) does not support Camellia ciphers. After hitting this issue too, I decided to fix it. The resulting patch can be found on the Wireshark bugtracker: Bug 9144 - [PATCH] Support for Camellia ciphers.

answered 12 Sep '13, 17:03

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

edited 12 Sep '13, 23:50

0

According to the definition in epan/dissectors/packet-ssl-utils.c:cipher_suites[] the mentioned cipher suite (0x84) is not defined. Maybe it is sufficient to add it to the list of cipher_suites and recompile Wireshark, but I have not checked if that would work. I believe there is more to do than just that ....

Regards
Kurt

answered 30 Jan '13, 12:25

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 30 Jan '13, 12:27