ssl,dtls: use ProtocolVersion from Server Hello

A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a (patched?) BouncyCastle 1.51.0 exposed the odd behavior where the ProtocolVersion from the record layer was always fixed to DTLSv1.2 while the server agrees to use DTLSv1.0. This resulted in a Malformed packet dissection of the ServerKeyExchange message which mistakenly expects a SignatureAndHash field. Fix this by using the protocol version from the ServerHello. Keep the fallback in case a capture starts in the middle of a SSL conversation. (Also display "DTLS" instead of "SSL" when the version is not yet determined for DTLS packets.) Bug: 11709 Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6 Reviewed-on: https://code.wireshark.org/review/11821 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
author: Peter Wu <peter@lekensteyn.nl> 2015-11-14 12:47:28 +0100
committer: Peter Wu <peter@lekensteyn.nl> 2015-11-16 21:47:43 +0000
commit: 4002f98413cd07abf53535e83beb63ccde939db7 (patch)
tree: 5f0e35a706dc334acc2a37697e660202b7629421 /epan/dissectors/packet-ssl-utils.h
parent: c90990068ff2f442bdfb2475dc9dd3a55cdb2e46 (diff)
download: wireshark-4002f98413cd07abf53535e83beb63ccde939db7.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 5ccaf8abd0..3bbf44f858 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -585,6 +585,11 @@ extern gboolean
 ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
 
 extern void
+ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
+                    guint8 content_type, guint8 handshake_type,
+                    gboolean is_dtls, guint16 version);
+
+extern void
 ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guint32 offset, guint32 length);
 
 /* common header fields, subtrees and expert info for SSL and DTLS dissectors */
@@ -761,7 +766,8 @@ ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 extern void
 ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
                           proto_tree *tree, guint32 offset, guint32 length,
-                          SslSession *session, SslDecryptSession *ssl);
+                          SslSession *session, SslDecryptSession *ssl,
+                          gboolean is_dtls);
 
 extern void
 ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
author	Peter Wu <peter@lekensteyn.nl>	2015-11-14 12:47:28 +0100
committer	Peter Wu <peter@lekensteyn.nl>	2015-11-16 21:47:43 +0000
commit	4002f98413cd07abf53535e83beb63ccde939db7 (patch)
tree	5f0e35a706dc334acc2a37697e660202b7629421 /epan/dissectors/packet-ssl-utils.h
parent	c90990068ff2f442bdfb2475dc9dd3a55cdb2e46 (diff)
download	wireshark-4002f98413cd07abf53535e83beb63ccde939db7.tar.gz