diff options
author | Peter Wu <lekensteyn@gmail.com> | 2013-12-10 23:58:08 +0100 |
---|---|---|
committer | Peter Wu <lekensteyn@gmail.com> | 2013-12-10 23:58:08 +0100 |
commit | 0cac6f1f911590850e90894e14b3ecd0226cfa12 (patch) | |
tree | df90561170f8a6db2cb7541a2c9d55c745ba7db5 /notes.txt | |
parent | 8fc4f6c45dc802437376e49dc9c11f2a033dd4c5 (diff) | |
download | wireshark-notes-0cac6f1f911590850e90894e14b3ecd0226cfa12.tar.gz |
More ciphers support
* generate-wireshark-cs: fix key sizes for export ciphers
* notes, openssl-{connect,listen}: support more cipher suites,
including NULL.
Diffstat (limited to 'notes.txt')
-rw-r--r-- | notes.txt | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -24,20 +24,20 @@ make examples/server/server -p 4433 SSLKEYLOGFILE=premaster.txt examples/client/client -l AES256-SHA -p 4433 see also cyassl-test (in this repo) for testing all supported ciphers -# Show a list of cipher suites from ClientHello and the HTTP version (or the -# number of the ClientHello if decryption failed). -/tmp/wsbuild/tshark -r cyassl-tcp.pcapng.gz -ohttp.ssl.port:4430 \ - -ossl.keylog_file:premaster.txt -ossl.psk:1a2b3c4d -Tfields -e frame.number \ - -e ssl.handshake.ciphersuite -e http.request.version \ - -Y not\ ssl.handshake.type==2 | - awk '$2~/0x/{if(n)print n;printf("%s ",$2);n=$1}$2=="HTTP/1.0"{print $2;n=""}' +# Show a list of cipher suite from ServerHello and the HTTP version (or the +# number of the ServerHello if decryption failed). +/tmp/wsbuild/tshark -r cyassl-tcp.pcapng.gz -ohttp.ssl.port:4430-4433 \ + -ossl.keylog_file:premaster.txt -ossl.psk:1a2b3c4d -Tfields \ + -e frame.number -e ssl.handshake.ciphersuite -e http.request.version \ + -Y 'ssl.handshake.type==2||ssl.record.content_type==23' | + awk '$2~/0x/{if(n)print n;printf("%s ",$2);n=$1}$2=="HTTP/1.0"{print $2;n=""}END{if(n)print n}' # create suites.txt from http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv gawk -n -F '[,"]+' '$4~/^TLS/{print int($2)*0x100+int($3), $4}' tls-parameters-4.csv > suites.txt # find which suites are not supported yet (unsupported.txt) gawk -n -vsrc=/tmp/wireshark/epan/dissectors/packet-ssl-utils.c -F'[ {,]+' 'BEGIN{while(getline <src)if(/^ *\{.*,KEX_/)a[int($2)]=1}{if(!a[int($1)])print}' suites.txt # find which ciphers openssl supports -openssl ciphers -V | awk -F'[, ]+' '{print $2, $3, $5}' | while read n1 n2 name; do echo $(($n1*0x100 + $n2)) $name;done|sort -n > openssl-supported-ciphers.txt +openssl ciphers -tls1 -V ALL:NULL | tr , \ | while read x y _ name _;do echo $((x*0x100+y)) $name;done | sort -n > openssl-supported-ciphers.txt # find which ciphers are not yet supported (unsupported-new is from above) grep -E "$(cut -d' ' -f1 unsuppported-new.txt openssl-supported-ciphers.txt | sort | uniq -d | tr '\n' '|' | sed 's/|$//')" unsuppported-new.txt -w |