I am having trouble decoding SPDY traffic. Looking at the ssl_debug output, the packets are getting decrypted correctly, but for some reason they are not being decoded properly in the GUI. They are not even being shown decrypted, just listed as "Encrypted Application Data". I have managed to get this all working for HTTP over SSL, and both the HTTP1 and HTTP2 (SPDY) web servers are using the same cipher suite and certificate.

Useful info:
Linux Ubuntu 14.10 (utopic) x86_64
Wireshark 1.12.1 (from Ubuntu packages)

asked 11 Jan '15, 13:41 robyoung
edited 19 Jan '15, 09:43
One Answer:
The problem is that your capture runs on top of port 443 for which the HTTP dissector has registered. If you expand the SSL record tree, you see "Application Data: http". Luckily, you can override this protocol via the SSL keys UAT (
You must use port

Side-note: in your specific capture, the ALPN and NPN TLS extensions are advertised by the client, but the server responds only with NPN. The NPN extension merely gives a hint for the selected protocol; it is up to the client to respond with an appropriate protocol response. ALPN, on the other hand, requires exactly one value, and this hint is implemented in this patch (v1.99.3rc0-69-g3222cd1). As ALPN is the successor of NPN, it was not deemed necessary to implement NPN.

answered 10 Feb '15, 07:50 Lekensteyn
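The NPN/ALPN difference from the side-note above, as an added example that is not part of the original answer or of Wireshark's code: a ServerHello extensions block carrying ALPN names the one selected protocol in cleartext, while one carrying only NPN lists what the server offers. The function names and the sample byte strings are constructed for illustration; the extension numbers are 16 for ALPN (RFC 7301) and 13172 for NPN (draft-agl-tls-nextprotoneg).

```python
import struct
EXT_ALPN = 16     # RFC 7301
EXT_NPN = 13172   # 0x3374, draft-agl-tls-nextprotoneg

def _names(buf):
    """Split a run of 1-byte-length-prefixed protocol names."""
    out, i = [], 0
    while i < len(buf):
        n = buf[i]
        if n == 0 or i + 1 + n > len(buf):
            raise ValueError("malformed protocol name")
        out.append(buf[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return out

def server_protocol(block):
    """Classify a ServerHello extensions block (2-byte length + extensions)."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("bad extensions length")
    exts, i = {}, 2
    while i < len(block):
        if i + 4 > len(block):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", block, i)
        if i + 4 + elen > len(block):
            raise ValueError("truncated extension body")
        exts[etype] = block[i + 4:i + 4 + elen]
        i += 4 + elen
    if EXT_ALPN in exts:
        data = exts[EXT_ALPN]
        if len(data) < 2 or struct.unpack_from("!H", data)[0] != len(data) - 2:
            raise ValueError("bad ALPN list length")
        names = _names(data[2:])
        if len(names) != 1:
            raise ValueError("ALPN ServerHello must carry exactly one protocol")
        return ("alpn-selected", names[0])   # definitive, visible in cleartext
    if EXT_NPN in exts:
        # Advertisement only: the client's choice follows in the encrypted NextProtocol message.
        return ("npn-advertised", _names(exts[EXT_NPN]))
    return ("none", None)

# Constructed sample blocks (not taken from the capture in the question).
def _ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data
def _block(*exts):
    return struct.pack("!H", len(b"".join(exts))) + b"".join(exts)
_p = lambda *names: b"".join(bytes([len(n)]) + n for n in names)
NPN_ONLY = _block(_ext(EXT_NPN, _p(b"spdy/3.1", b"http/1.1")))
ALPN = _block(_ext(EXT_ALPN, struct.pack("!H", 9) + _p(b"spdy/3.1")))
```

`server_protocol(NPN_ONLY)` returns the advertised list only, which is why a dissector that keys off the ServerHello has a single authoritative value with ALPN and none with NPN.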
Can you please add the server key, so we can do our own experiments with the capture files?
@kurt-knochner Sorry about that, I've added a link to it.