Gregory BELLIER wrote:
> Jean-Marc Desperrier wrote:
>> Wan-Teh Chang wrote:
>>> You can use the NSS command-line tool 'ssltap' to inspect the SSL
>>> handshake messages:
>>> http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html
>> It's significantly easier to do it with Wireshark.
> Is it easier than the selfserv and tstclnt which are 2 tools supplied by
> NSS? They print the cipher negotiated.
> What would be seen in Wireshark? The cipher's OID?

If you are well served by the NSS tools, then it's not significantly
easier than Wireshark.
But the first Google hit for "wireshark download" is the page that
provides you a one-click Windows installer for Wireshark download (you
even have the portable and U3 version for your USB key, the download
comes from a wide-band download server). On the right part of the
download screen there are the third-party packages for various Unix
flavors. It is a standard package for most Linux distributions, so "apt-get
wireshark" will get it directly. You get a nice GUI, with a tree view of
all the content of each network layer, that in the SSL part does display
the cipher suite name together with its hex identifier (cipher suite
identifiers are not OIDs, but a hex number). You get a right-click
"Follow the TCP/SSL Stream" option; it will reassemble all SSL segments
to show you the full decrypted content when clicking the first packet.
The only thing that is not convenient is that the option to decrypt
the SSL content is hidden in a protocols/ssl submenu, and you need to
know the ip,port,protocol,path_to_pem_private_key_file syntax it uses.
And the non-Windows ports might not all have the decryption option.
So most people who have to ask the question of how to get a dump of SSL
traffic are better served by Wireshark than by the NSS native tools.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto