TLS decoding support #193
Comments
@PhyxionNL @kayoub5 thoughts on how we might get TLS support?
Without user-provided certificates (either client or server), the only thing you can support is authentication-only TLS (payload not encrypted).
@kayoub5 I think we'd assume the user would provide certificates yep.
I investigated this topic and want to provide some feedback. In modern TLS, the private key of the certificate alone does not allow full decryption. If the traffic uses RSA keys, the certificate is enough; however, if Diffie-Hellman ephemeral keys are used, it is necessary to have the negotiated key, which changes for every session. Anyway, decryption is possible because the libraries used by the two major browsers (Firefox and Chrome) may be enabled to write the secrets (for debugging purposes) using the I believe it would be very valuable to have the ability to decrypt TLS traffic. When writing the new dissectors, it is important to consider the differences when it comes to HTTP/2, QUIC and the upcoming HTTP/3 (which is already available in .NET but off by default), as it uses UDP. Some more detail on how TLS works:
I would love to see this support added. Provide a way to access the SSKEYLOGGER file, similar to how Wireshark does it (point to a file). Then decrypt it. BACnet SC traffic is what I would like to decrypt and parse. I am open to compensating someone to implement this.
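As an added illustration of the "point to a file" approach requested above (not code from this project or from any commenter): a loader for the NSS key log text format that Firefox and Chrome can write and Wireshark reads, where each line is `LABEL <client_random hex> <secret hex>`. The `TlsKeyLog` class name and the sample values are hypothetical; the example only indexes secrets by client random and does not perform decryption.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

public static class TlsKeyLog
{
    // Returns client_random (upper-case hex) -> label -> secret bytes.
    public static Dictionary<string, Dictionary<string, byte[]>> Parse(IEnumerable<string> lines)
    {
        var sessions = new Dictionary<string, Dictionary<string, byte[]>>();
        foreach (var raw in lines)
        {
            var f = raw.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (f.Length == 0 || f[0][0] == '#') continue;              // blank line or comment
            // client_random is always 32 bytes; malformed lines are skipped, never guessed at
            if (f.Length != 3 || f[1].Length != 64 || !TryHex(f[1], out _) || !TryHex(f[2], out var secret)) continue;
            // TLS 1.2 entries (label CLIENT_RANDOM) carry the 48-byte master secret
            if (f[0] == "CLIENT_RANDOM" && secret.Length != 48) continue;
            var key = f[1].ToUpperInvariant();
            if (!sessions.TryGetValue(key, out var labels))
                sessions[key] = labels = new Dictionary<string, byte[]>();
            labels[f[0]] = secret;                                       // TLS 1.3 logs several labels per session
        }
        return sessions;
    }

    static bool TryHex(string s, out byte[] bytes)
    {
        bytes = new byte[s.Length / 2];
        if (s.Length == 0 || s.Length % 2 != 0) return false;
        for (int i = 0; i < bytes.Length; i++)
            if (!byte.TryParse(s.Substring(i * 2, 2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture, out bytes[i]))
                return false;
        return true;
    }

    public static void Main()
    {
        string rnd12 = new string('A', 64), rnd13 = new string('B', 64); // constructed client randoms
        var sample = new[] {
            "# constructed sample, not real key material",
            "CLIENT_RANDOM " + rnd12 + " " + new string('1', 96),
            "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + rnd13 + " " + new string('2', 64),
            "SERVER_HANDSHAKE_TRAFFIC_SECRET " + rnd13 + " " + new string('3', 64),
            "CLIENT_RANDOM " + rnd12 + " truncated",                     // malformed entry, skipped
        };
        // A dissector would look up the 32-byte random taken from a captured ClientHello.
        foreach (var s in Parse(sample))
            Console.WriteLine(s.Key.Substring(0, 8) + "... " + string.Join(",", s.Value.Keys));
    }
}
```

Because the file holds per-session secrets, anyone who can read it can decrypt the matching captures, so it should be stored and handled with the same care as a private key.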
It looks like the dotnet team is working on that and the decryption support is coming in .NET 9
Thoughts on how we might implement TLS decoding like Wireshark can perform? Can we reuse anything Wireshark has done? Should we aim for a purely managed approach? Build on packetnet-connections?