https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14381

--- Comment #5 from Peter Wu <pe...@lekensteyn.nl> ---
I considered suggesting changing the port number, but there does not seem to be
a dedicated port for TLS traffic:
https://docs.mongodb.com/manual/reference/default-mongodb-port/
https://docs.mongodb.com/manual/tutorial/configure-ssl-clients/
https://docs.mongodb.com/manual/tutorial/configure-ssl/
https://docs.mongodb.com/manual/core/security-transport-encryption/

Two possibilities:

Use ssl_dissector_add(0, mongo_handle) to avoid interpreting the port as TLS by
default.

In order to recognize TLS again and be able to dissect decrypted TLS data,
change dissect_mongo to recognize TLS. If TLS is detected, set the appdata
dissector to mongodb and call the TLS dissector with ssl_starttls_ack(...,
mongo_handle) + call_dissector(tls_handle, ...).

or

change the TLS dissector to reject the data if it does not look like TLS at all
(like Michael did in the above path). One limitation is that it does not help
with dissecting the decrypted data as mongo, for that to work the previous
approach is necessary.

For a quick fix, I suggest just changing mongo to use ssl_dissector_add(0,
mongo_handle). This will regress on bug 14275 in the sense that TLS traffic is
not automatically marked as such, but for decryption more changes were needed
anyway.

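Added example, not part of the original comment and not Wireshark's dissector code: a stand-alone C check of the kind the second possibility relies on, deciding from the first bytes of a payload whether it looks like a TLS record or a plaintext MongoDB message header. All function names and sample bytes are constructed for illustration. It also shows why a TLS-only check is not enough: a plaintext MongoDB message of length 790 starts with 16 03 00 00 and passes as a TLS handshake record.

```c
#include <stddef.h>
#include <stdint.h>

enum payload_kind { KIND_UNKNOWN, KIND_TLS, KIND_MONGO };

/* Constructed samples: start of a TLS ClientHello record, and a MongoDB
 * OP_MSG header with messageLength = 790 (0x316), requestID = 42. */
const uint8_t SAMPLE_TLS_HELLO[16] = { 0x16,0x03,0x01,0x02,0x00, 0x01,0x00,0x01,
                                       0xfc,0x03,0x03,0xaa,0xbb,0xcc,0xdd,0xee };
const uint8_t SAMPLE_MONGO_790[16] = { 0x16,0x03,0x00,0x00, 0x2a,0x00,0x00,0x00,
                                       0x00,0x00,0x00,0x00, 0xdd,0x07,0x00,0x00 };

/* TLS record header: type(1) version(2) length(2, big-endian). */
int looks_like_tls(const uint8_t *p, size_t len)
{
    if (len < 5) return 0;
    if (p[0] < 20 || p[0] > 23) return 0;   /* ccs, alert, handshake, appdata */
    if (p[1] != 3 || p[2] > 4) return 0;    /* record versions 3.0 .. 3.4 */
    unsigned rec_len = ((unsigned)p[3] << 8) | p[4];
    return rec_len <= 16384 + 2048;         /* TLS 1.2 ciphertext limit */
}

static uint32_t le32(const uint8_t *p)
{
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* MongoDB header: messageLength, requestID, responseTo, opCode (int32 LE each). */
int looks_like_mongo(const uint8_t *p, size_t len)
{
    if (len < 16 || le32(p) < 16) return 0; /* length includes the 16-byte header */
    switch (le32(p + 12)) {                 /* documented wire-protocol opcodes */
    case 1: case 2001: case 2002: case 2004: case 2005:
    case 2006: case 2007: case 2012: case 2013:
        return 1;
    default:
        return 0;
    }
}

/* The MongoDB test covers 16 bytes and a closed opcode set, so it runs first;
 * the 5-byte TLS test alone would claim SAMPLE_MONGO_790 as TLS. */
enum payload_kind classify_payload(const uint8_t *p, size_t len)
{
    if (looks_like_mongo(p, len)) return KIND_MONGO;
    if (looks_like_tls(p, len)) return KIND_TLS;
    return KIND_UNKNOWN;
}
```

Byte-level checks like this only decide which dissector sees the data first; as the comment notes, dissecting decrypted TLS payload as mongo still needs the first approach.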