Disabling Wireshark attempt to decrypt QUIC traffic

asked 2022-07-20 08:45:29 +0000

bathooman

Since I have disabled encryption in a QUIC implementation, the interaction between the client and server takes place in plain text. However, Wireshark still attempts to decrypt the interaction and fails to dissect the plain text. I am wondering if there is a way to disable Wireshark's attempt to decrypt QUIC traffic.


Comments

Are you using a "standard" such as draft-banks-quic-disable-encryption-00 ?

Chuckc ( 2022-07-20 13:20:26 +0000 )

The implementation (https://github.com/h2o/quicly) does not support it. So, I just disable encryption/decryption functions.

bathooman ( 2022-07-20 13:26:10 +0000 )

1 Answer

answered 2022-07-20 15:16:11 +0000

Chuckc

updated 2022-07-20 15:20:52 +0000

There are open issues (Disable encryption #181, Disable encryption #483) on the h2o/quicly GitHub.
It would be better if they would follow something like the draft-banks-quic-disable-encryption-00 which might then be added to Wireshark.

Until then, there is a GQUIC preference (QUIC: Add preference to force decode all payload) that maybe could be duplicated in the QUIC dissector. Please open an Enhancement/Feature request on the Wireshark GitLab Issues page.

(If you open a Feature Request, please add a link back to this question)

Reference: Quic Conversation decipher

