1 | initial version |
Implementing "port 19998 is IEC 60870-5-104-Apci over TLS" and "port 3782 is TPKT-over-TLS" is relatively straightforward; if you could file an enhancement request on the Wireshark Bugzill, with sample captures attached, if possible, for development, testing, and regression testing purposes, that would be helpful.
That would obviate the need for "Decode as...".
Implementing "Decode as..." for "Decode as XXX-over-TLS" with a single GUI operation is a bit more work; it might now be possible to first say "Decode that port as TLS" and, once the capture is redissected with traffic to and from that port dissected as TLS, say "Decode that port, for TLS, as XXX", but being able to do the "over TLS" along with "XXX" would probably be an improvement.