'Re: [Wireshark-users] Problem deciphering an openssl stream'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] Problem deciphering an openssl stream
From:       kolos_ws () ural2 ! hu
Date:       2010-10-11 12:36:17
Message-ID: alpine.DEB.2.00.1010111433020.29287 () robin ! fene ! hu
[Download RAW message or body]

Hi Philippe,

> Handshake Protocol: Server Hello
> [...]
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
>
> I don't see any DH here, so maybe that's not the problem.

I agree, it doesn't look like it's using DH. What would be interesting to 
see if you see a "Client key exchange" or a "Server key exchange" at the 
beginning of the SSL session in your capture when you look at it in 
Wireshark.

Also, you might want to use "-s 0" when running tcpdump, that just 
captures everything.

>> If you're using Firefox as your client, you can view what it's
>> configured to use by typing 'about:config' in your address bar.
>
> It's a SOAP call done from a python soap implementation. I should be
> able to configure it somewhere but I am not sure of what I should put.

Good question, I'm no Python expert, so others will have to help you out 
here.

Kolos
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic