@makuk66
Created May 17, 2016 20:50

I used ssldump on OSX and got a lot of "unknown value" for ciphers:

1 1  0.1727 (0.1727)  C>S  Handshake
      ClientHello
        Version 3.1 
        cipher suites
        Unknown value 0xc009
        Unknown value 0xc013
        Unknown value 0x2f
        Unknown value 0xc004
        Unknown value 0xc00e
        Unknown value 0x33
        Unknown value 0x32
        Unknown value 0xc007
        Unknown value 0xc011
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xc002
        Unknown value 0xc00c
        Unknown value 0xc008
        Unknown value 0xc012
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
        Unknown value 0xff
        compression methods

https://github.com/mtigas/homebrew-ssldump has information about patches, but its setup refers to rtfm.com, which no longer appears to host ssldump.

I got it to work like this:

wget -O ssldump.rb https://github.com/mtigas/homebrew-ssldump/raw/master/Formula/ssldump.rb

Then edit ssldump.rb, changing:

  url 'http://www.rtfm.com/ssldump/ssldump-0.9b3.tar.gz'

to:

  #url 'http://www.rtfm.com/ssldump/ssldump-0.9b3.tar.gz'
  url 'http://pkgs.fedoraproject.org/repo/pkgs/ssldump/ssldump-0.9b3.tar.gz/ac8c28fe87508d6bfb06344ec496b1dd/ssldump-0.9b3.tar.gz'

Then:

brew install ./ssldump.rb

And now:

New TCP connection #1: crab.lan(59275) <-> 216.136.133.204(443)
1 1  0.1790 (0.1790)  C>S  Handshake
      ClientHello
        Version 3.1 
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA
        TLS_ECDH_RSA_WITH_RC4_128_SHA
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
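
For a capture already taken with an unpatched ssldump, the "Unknown value" lines can be resolved after the fact. This is an added example, not part of the original gist or of ssldump: the names are the IANA-registered cipher suite names for the codes in the first output above, and `resolve`, `offered_suites` and `SAMPLE` are hypothetical names.

```python
import re

# IANA cipher suite names for the codes the unpatched ssldump printed above.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC003: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC004: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}
UNKNOWN = re.compile(r"^(\s*)Unknown value (0x[0-9a-fA-F]+)\s*$")

def resolve(dump):
    """Return (annotated text, codes still unresolved) for ssldump output."""
    out, missing = [], []
    for line in dump.splitlines():
        m = UNKNOWN.match(line)
        if m:
            code = int(m.group(2), 16)
            if code in SUITES:
                line = m.group(1) + SUITES[code]  # keep original indentation
            else:
                missing.append(code)  # left as-is so nothing is hidden
        out.append(line)
    return "\n".join(out), missing

def offered_suites(dump):
    """List the entries between 'cipher suites' and 'compression methods'."""
    lines = [l.strip() for l in dump.splitlines()]
    start = lines.index("cipher suites") + 1
    return lines[start:lines.index("compression methods", start)]

# Constructed sample: excerpt of the output above plus one code not in the table.
SAMPLE = """        cipher suites
        Unknown value 0xc009
        Unknown value 0x2f
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xff42
        compression methods"""
```

Codes missing from the table are returned in the second value and left untouched in the text, so an incomplete table is visible rather than silently dropped.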