This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Application Data Protocol shows wrong protocol for SSL traffic

1

When playing around with the RSA key listing under Edit -> Preferences -> Protocols -> SSL, I set spdy as the protocol for 443 traffic.

Now Wireshark thinks spdy is the Application Data Protocol for all 443 traffic. The only work-around is to have a fake key configured in the RSA key listing for 0.0.0.0 and 443 that lists the protocol as HTTP. But when I remove it, Wireshark goes right back to thinking HTTPS traffic should be spdy traffic.

I have removed and re-installed Wireshark, deleted all references of Wireshark from the registry and this setting is still buried somewhere. I also tried just removing spdy support.

Any idea where the option is to set what protocol is hosted under SSL for a specific port, so I can get back to the default?

asked 29 Oct '15, 16:11

Drone637


2 Answers:

1

You are experiencing bug 10984. This bug is fixed in Wireshark 2.0 and will also become part of 1.12.9. As a workaround for this bug, you can modify the HTTP preferences, for example by adding additional SSL/TLS ports as described by mrEEde. If you don't know what to add, duplicating a port number is sufficient (like 443,443).

answered 30 Oct '15, 02:25

Lekensteyn

This resolved the issue. I added a second 443 and it is now resolving as expected.

(30 Oct '15, 15:22) Drone637

1

So you want a certain port decoded as SSL?
I add the port to the http.ssl.port range: Edit -> Preferences -> Protocols -> HTTP

answered 29 Oct '15, 22:53

mrEEde