diff options
author | Peter Wu <lekensteyn@gmail.com> | 2013-10-01 23:02:53 +0200 |
---|---|---|
committer | Peter Wu <lekensteyn@gmail.com> | 2013-10-01 23:02:53 +0200 |
commit | 1927a4fa8d871188842cddde7755f4d34f804dd2 (patch) | |
tree | c52264a0d88559401ce288b662476551d2863917 /openssl-connect | |
parent | 7bb3df540d659fe6c674a26b9a10704629a9bf6f (diff) | |
download | wireshark-notes-1927a4fa8d871188842cddde7755f4d34f804dd2.tar.gz |
generate-wireshark-cs: fix ECDH, add PSK, drop SIG_
ssl_get_keyex_alg.txt contains the current supported list of cipher
suites for key exchange by the ssl_get_keyex_alg() function.
It was generated with:
awk -F '[ :;\t]+' '/^gint ssl_get_keyex_alg/{p=1}
/case/{if(p)a[$3]=0} /return/{for(i in a)print i, $3;delete a} /^}
/{if(p)exit}' packet-ssl-utils.c
This file can then be converted and sorted with:
while read num name; do echo $((num)) $name;
done < ssl_get_keyex_alg.txt | sort -n > /tmp/1
To get the current cipher suites list:
awk -F '[ {,]+' '/,KEX_/{print $2, $3}' packet-ssl-utils.c > /tmp/2
Check which cipher suites are missing or have an incorrect key exchange:
diff -y /tmp/[12]
It turned out that the ECDH cipher suites were incorrectly marked as
DH (tested on top of SVN rev 52320). Therefore adjust the
generate-wireshark-cs file.
Diffstat (limited to 'openssl-connect')
-rwxr-xr-x | openssl-connect | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/openssl-connect b/openssl-connect index 9faab3f..fa9b09a 100755 --- a/openssl-connect +++ b/openssl-connect @@ -5,6 +5,7 @@ host=${1:-localhost} portbase=${2:-4430} PSK=12345678 +PSK=0102030405060708091011121314151617181920 s_client_client_random() { awk ' |