Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Forcing wireshark to dissect null cipher TLS


we have a dissector for a custom protocol which can be the payload of TLSv1.2 packets with the cipher suite TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006). The dissector is registered in lua with:

DissectorTable.get("tls.port"):add(49502, my_protocol)

These packages get dissected properly for connections, where the TLS handshake is part of the capture. When the handshake is missing wireshark does not dissect the application data of the tls packets.

Is it possible to tell wireshark to assume the that all TLS packages on a given port are not encrypted and to dissect them with the given dissector?

Kind regards and thank you. Eike