How to read SSL / TLS encrypted warning code under ephemeral RSA

I am trying to debug SSL-encrypted alerts on my web server. I'm not sure what the problem is, and everything works, but I see a lot of encrypted TLSv1 warnings in Wireshark, which I think should not be there.

The TLSv1 alert protocol (http://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol) contains error codes indicating what is wrong; unfortunately, this code is encrypted.

Wireshark allows you to decrypt SSL by providing the secret key (which I have) on the SSL settings page. However, this does not work for me because of the session setup using Ephemeral RSA (Sharkfest'09, http://sharkfest.wireshark.org/sharkfest.12/presentations/MB-1_SSL_Troubleshooting_with%20_Wireshark_Software.pdf, page 59).

I want to know how I can read this warning code. Any of the following would get me there:
a) Wireshark decrypt SSL using Ephemeral RSA
b) Avoid using Ephemeral RSA so Wireshark can decrypt
c) Make SSL use zero encryption so I can just read the code to debug it

1 answer

b) Avoid using Ephemeral RSA, so Wireshark can decrypt

If you are running an Apache web server, try the following in httpd.conf:

    SSLProtocol +all -SSLv2 -SSLv3
    SSLCipherSuite -kEECDH:-kEDH:+kRSA:+HIGH:+MEDIUM:-LOW:-EXP

c) Make SSL use zero encryption so I can just read the code to debug it

This might be a little trickier, but try moving eNULL to the top of the list. eNULL will probably be rejected by the client, but worth a try. I suspect it will be rejected because the client will not allow encryption (or aNULL, for that matter).

If the client has eNULL, it may still not be used. The server usually respects client ciphers, so if the client does not request eNULL, you will have to find an override in the server configuration.
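Before changing the cipher list, it helps to confirm from the capture itself which key exchange was negotiated and which alert records are still readable. The following is an added example, not part of the answer above: it walks the TLS record layer of a server-side byte stream, reads the cipher suite from the ServerHello, flags whether the session is decryptable with the server private key alone (static RSA) or not (ephemeral (EC)DHE), and decodes any alert that arrives before ChangeCipherSpec. The cipher suite tables are a small subset, and the sample bytes are constructed, not a real capture.

```python
import struct

ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 40: "handshake_failure", 46: "certificate_unknown", 112: "unrecognized_name"}
# Subset of cipher suite ids by key exchange: static RSA suites can be decrypted in Wireshark
# with the server private key alone; (EC)DHE suites (ephemeral key exchange) cannot.
STATIC_RSA = {0x000A, 0x002F, 0x0035, 0x003C, 0x003D}
EPHEMERAL = {0x0033, 0x0039, 0x009E, 0xC013, 0xC014, 0xC02F, 0xC030}

def parse_records(data):
    # Split a raw TLS byte stream into (content_type, version, payload) tuples.
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record at offset %d" % off)
        records.append((ctype, ver, payload))
        off += 5 + length
    return records

def server_hello_suite(payload):
    # Cipher suite id chosen in a ServerHello handshake payload, or None if not a ServerHello.
    if len(payload) < 4 or payload[0] != 2:   # handshake type 2 = ServerHello
        return None
    pos = 4 + 2 + 32                           # handshake header, version, random
    pos += 1 + payload[pos]                    # session_id length byte + session_id
    return struct.unpack("!H", payload[pos:pos + 2])[0]

def analyze(data):
    report = {"suite": None, "rsa_decryptable": None, "alerts": []}
    encrypted = False                          # True once ChangeCipherSpec has been seen
    for ctype, _ver, payload in parse_records(data):
        if ctype == 22 and report["suite"] is None:          # handshake
            suite = server_hello_suite(payload)
            if suite is not None:
                report["suite"] = suite
                report["rsa_decryptable"] = True if suite in STATIC_RSA else (False if suite in EPHEMERAL else None)
        elif ctype == 20:                                    # change_cipher_spec
            encrypted = True
        elif ctype == 21:                                    # alert
            if encrypted:
                report["alerts"].append(("encrypted", len(payload)))
            else:
                report["alerts"].append((ALERT_LEVEL.get(payload[0], payload[0]),
                                         ALERT_DESC.get(payload[1], payload[1])))
    return report

# Constructed server-side sample (not a real capture): a cleartext unrecognized_name warning, a
# ServerHello picking ECDHE-RSA (0xC02F), ChangeCipherSpec, then an alert that is now encrypted.
SAMPLE = (bytes.fromhex("1503030002" "0170") + bytes.fromhex("160303002a" "02000026" "0303")
          + b"\x11" * 32 + bytes.fromhex("00c02f00") + bytes.fromhex("1403030001" "01")
          + bytes.fromhex("150303001a") + b"\xa5" * 26)
```

Run `analyze(SAMPLE)` on the constructed stream: it reports suite 0xC02F with rsa_decryptable False, which is exactly the case where the server private key will not unlock the alert; after the config change above, a ServerHello selecting an 0x002F/0x0035-class suite reports True.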
