patches for ssldump. see also https://github.com/mtigas/homebrew-ssldump

1-ssldump.md

Patches for ssldump

Patches for ssldump (the last ssldump-0.9b3.tar.gz version).

→ You can install a Mac OS X version of ssldump with these patches included, using Homebrew. Check https://github.com/mtigas/homebrew-ssldump for instructions.

---

Patch 2-ssldump-tls12.diff adds information about new TLSv1.2 cipher suites to the ssldump tool.

Patch 3-ssldump-openssl.diff allows ssldump to compile cleanly with OpenSSL, to allow deeper analysis of dumped packets.

(Files 4 and 5 are just source attribution and a partial script -- sort of a scratchpad on how I put the patches together in the first place.)

---

TLSv1.2 example

"Vanilla" ssldump

"Regular" ssldump needs to be installed:

$ brew install ssldump

Then, ssldump is loaded and a browser (Google Chrome Canary 30.0.1561.0 (Official Build 210685); Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1561.0 Safari/537.36) is launched and navigated to https://mike.tig.as/ (see server config).

$ sudo ssldump -A -i en0
... a bunch of traffic ...
New TCP connection #8: 10.55.23.104(56283) <-> 198.61.228.27(443)
8 1  0.0738 (0.0738)  C>SV3.1(205)  Handshake
      ClientHello
        Version 3.3 
        random[32]=
          51 dd bf 58 55 13 48 78 dd 2a db ba aa 02 41 70 
          3d c2 3b fa 23 cc a8 03 68 be ed 7d c0 a4 e1 d8 
        cipher suites
        Unknown value 0xc00a
        Unknown value 0xc014
        Unknown value 0x39
        Unknown value 0x6b
        Unknown value 0x35
        Unknown value 0x3d
        Unknown value 0xc007
        Unknown value 0xc009
        Unknown value 0xc023
        Unknown value 0xc011
        Unknown value 0xc013
        Unknown value 0xc027
        Unknown value 0x33
        TLS_DHE_DSS_WITH_NULL_SHA
        Unknown value 0x32
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        Unknown value 0x2f
        Unknown value 0x3c
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
8 2  0.1149 (0.0411)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3 
        random[32]=
          51 dd c0 eb 9e 88 64 a0 a5 74 fd 17 b9 28 11 27 
          ab 83 fd b1 f1 33 3b 57 f7 61 51 aa 6d 30 6f 3f 
        session_id[0]=

        cipherSuite         Unknown value 0xc027
        compressionMethod                   NULL
... more traffic ...

Note the many Unknown value entries where cipherSuites are listed.

Patched ssldump

Now we install the above-linked Homebrew recipe for this modfiied ssldump, by adding that repository to our Homebrew, uninstalling the "vanilla" ssldump, and installing the modified version.

$ brew tap mtigas/ssldump
$ brew uninstall ssldump
$ brew install mtigas/ssldump/ssldump

And then we do the same browser dance:

$ sudo ssldump -A -i en0
... a bunch of traffic ...
New TCP connection #1: 10.55.23.104(56319) <-> 198.61.228.27(443)
1 1  0.0269 (0.0269)  C>SV3.1(205)  Handshake
      ClientHello
        Version 3.3 
        random[32]=
          51 dd bf bb 5f f6 a8 c1 2f 3a 10 ad 70 ad f2 70 
          0a 19 e2 ee d5 e7 1e 45 dd 16 9c 26 e1 d9 43 f5 
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_NULL_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
1 2  0.0676 (0.0406)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3 
        random[32]=
          51 dd c1 4f c3 01 87 09 68 9f 86 a5 5a d4 03 49 
          c6 5a d1 ee 95 98 7b c0 2f ad 99 48 ac 6b 02 53 
        session_id[0]=

        cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        compressionMethod                   NULL
... more traffic ...

2-ssldump-tls12.diff

--- ssl/ssl.enums.orig  2013-07-10 15:43:35.000000000 -0400
+++ ssl/ssl.enums	2013-07-10 15:54:11.000000000 -0400
@@ -378,6 +378,141 @@
     CipherSuite	TLS_ECDH_ECDSA_WITH_DES_CBC_SHA  = {0x00,0x49};
     CipherSuite	TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA={0xff,0x85};
     CipherSuite	TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA={0xff,0x84};
+
+    /***** Patch additions from following URL *****/
+    /* https://github.com/jtapiath-cl/gokik/blob/0de0f3e7/Security.framework/Headers/CipherSuite.h */
+    /* TLS addenda using AES, per RFC 3268 */
+    CipherSuite	TLS_RSA_WITH_AES_128_CBC_SHA           ={0x00,0x2f};
+    CipherSuite	TLS_DH_DSS_WITH_AES_128_CBC_SHA        ={0x00,0x30};
+    CipherSuite	TLS_DH_RSA_WITH_AES_128_CBC_SHA        ={0x00,0x31};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_128_CBC_SHA       ={0x00,0x32};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_128_CBC_SHA       ={0x00,0x33};
+    CipherSuite	TLS_DH_anon_WITH_AES_128_CBC_SHA       ={0x00,0x34};
+    CipherSuite	TLS_RSA_WITH_AES_256_CBC_SHA           ={0x00,0x35};
+    CipherSuite	TLS_DH_DSS_WITH_AES_256_CBC_SHA        ={0x00,0x36};
+    CipherSuite	TLS_DH_RSA_WITH_AES_256_CBC_SHA        ={0x00,0x37};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_256_CBC_SHA       ={0x00,0x38};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_256_CBC_SHA       ={0x00,0x39};
+    CipherSuite	TLS_DH_anon_WITH_AES_256_CBC_SHA       ={0x00,0x3a};
+
+    /* ECDSA addenda, RFC 4492 */
+    CipherSuite	TLS_ECDH_ECDSA_WITH_NULL_SHA           ={0xc0,0x01};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_RC4_128_SHA        ={0xc0,0x02};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   ={0xc0,0x03};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    ={0xc0,0x04};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    ={0xc0,0x05};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_NULL_SHA          ={0xc0,0x06};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       ={0xc0,0x07};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  ={0xc0,0x08};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   ={0xc0,0x09};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   ={0xc0,0x0A};
+    CipherSuite	TLS_ECDH_RSA_WITH_NULL_SHA             ={0xc0,0x0B};
+    CipherSuite	TLS_ECDH_RSA_WITH_RC4_128_SHA          ={0xc0,0x0C};
+    CipherSuite	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     ={0xc0,0x0D};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      ={0xc0,0x0E};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      ={0xc0,0x0F};
+    CipherSuite	TLS_ECDHE_RSA_WITH_NULL_SHA            ={0xc0,0x10};
+    CipherSuite	TLS_ECDHE_RSA_WITH_RC4_128_SHA         ={0xc0,0x11};
+    CipherSuite	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    ={0xc0,0x12};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     ={0xc0,0x13};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     ={0xc0,0x14};
+    CipherSuite	TLS_ECDH_anon_WITH_NULL_SHA            ={0xc0,0x15};
+    CipherSuite	TLS_ECDH_anon_WITH_RC4_128_SHA         ={0xc0,0x16};
+    CipherSuite	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    ={0xc0,0x17};
+    CipherSuite	TLS_ECDH_anon_WITH_AES_128_CBC_SHA     ={0xc0,0x18};
+    CipherSuite	TLS_ECDH_anon_WITH_AES_256_CBC_SHA     ={0xc0,0x19};
+
+    /***** TLS 1.2 addenda, RFC 5246 *****/
+    /* Initial state. */
+    CipherSuite	TLS_NULL_WITH_NULL_NULL                ={0x00,0x00};
+
+    /* Server provided RSA certificate for key exchange. */
+    CipherSuite	TLS_RSA_WITH_NULL_MD5                     ={0x00,0x01};
+    CipherSuite	TLS_RSA_WITH_NULL_SHA                     ={0x00,0x02};
+    CipherSuite	TLS_RSA_WITH_RC4_128_MD5                  ={0x00,0x04};
+    CipherSuite	TLS_RSA_WITH_RC4_128_SHA                  ={0x00,0x05};
+    CipherSuite	TLS_RSA_WITH_3DES_EDE_CBC_SHA             ={0x00,0x0A};
+    //CipherSuite	TLS_RSA_WITH_AES_128_CBC_SHA            ={0x00,0x2F};
+    //CipherSuite	TLS_RSA_WITH_AES_256_CBC_SHA            ={0x00,0x35};
+    CipherSuite	TLS_RSA_WITH_NULL_SHA256                  ={0x00,0x3B};
+    CipherSuite	TLS_RSA_WITH_AES_128_CBC_SHA256           ={0x00,0x3C};
+    CipherSuite	TLS_RSA_WITH_AES_256_CBC_SHA256           ={0x00,0x3D};
+
+    /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
+    CipherSuite	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          ={0x00,0x0D};
+    CipherSuite	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          ={0x00,0x10};
+    CipherSuite	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         ={0x00,0x13};
+    CipherSuite	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         ={0x00,0x16};
+    //CipherSuite	TLS_DH_DSS_WITH_AES_128_CBC_SHA         ={0x00,0x30};
+    //CipherSuite	TLS_DH_RSA_WITH_AES_128_CBC_SHA         ={0x00,0x31};
+    //CipherSuite	TLS_DHE_DSS_WITH_AES_128_CBC_SHA        ={0x00,0x32};
+    //CipherSuite	TLS_DHE_RSA_WITH_AES_128_CBC_SHA        ={0x00,0x33};
+    //CipherSuite	TLS_DH_DSS_WITH_AES_256_CBC_SHA         ={0x00,0x36};
+    //CipherSuite	TLS_DH_RSA_WITH_AES_256_CBC_SHA         ={0x00,0x37};
+    //CipherSuite	TLS_DHE_DSS_WITH_AES_256_CBC_SHA        ={0x00,0x38};
+    //CipherSuite	TLS_DHE_RSA_WITH_AES_256_CBC_SHA        ={0x00,0x39};
+    CipherSuite	TLS_DH_DSS_WITH_AES_128_CBC_SHA256        ={0x00,0x3E};
+    CipherSuite	TLS_DH_RSA_WITH_AES_128_CBC_SHA256        ={0x00,0x3F};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       ={0x00,0x40};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       ={0x00,0x67};
+    CipherSuite	TLS_DH_DSS_WITH_AES_256_CBC_SHA256        ={0x00,0x68};
+    CipherSuite	TLS_DH_RSA_WITH_AES_256_CBC_SHA256        ={0x00,0x69};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       ={0x00,0x6A};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       ={0x00,0x6B};
+
+    /* Completely anonymous Diffie-Hellman */
+    CipherSuite	TLS_DH_anon_WITH_RC4_128_MD5              ={0x00,0x18};
+    CipherSuite	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         ={0x00,0x1B};
+    //CipherSuite	TLS_DH_anon_WITH_AES_128_CBC_SHA        ={0x00,0x34};
+    //CipherSuite	TLS_DH_anon_WITH_AES_256_CBC_SHA        ={0x00,0x3A};
+    CipherSuite	TLS_DH_anon_WITH_AES_128_CBC_SHA256       ={0x00,0x6C};
+    CipherSuite	TLS_DH_anon_WITH_AES_256_CBC_SHA256       ={0x00,0x6D};
+
+    /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS. */
+    CipherSuite	TLS_RSA_WITH_AES_128_GCM_SHA256           ={0x00,0x9C};
+    CipherSuite	TLS_RSA_WITH_AES_256_GCM_SHA384           ={0x00,0x9D};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       ={0x00,0x9E};
+    CipherSuite	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       ={0x00,0x9F};
+    CipherSuite	TLS_DH_RSA_WITH_AES_128_GCM_SHA256        ={0x00,0xA0};
+    CipherSuite	TLS_DH_RSA_WITH_AES_256_GCM_SHA384        ={0x00,0xA1};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       ={0x00,0xA2};
+    CipherSuite	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       ={0x00,0xA3};
+    CipherSuite	TLS_DH_DSS_WITH_AES_128_GCM_SHA256        ={0x00,0xA4};
+    CipherSuite	TLS_DH_DSS_WITH_AES_256_GCM_SHA384        ={0x00,0xA5};
+    CipherSuite	TLS_DH_anon_WITH_AES_128_GCM_SHA256       ={0x00,0xA6};
+    CipherSuite	TLS_DH_anon_WITH_AES_256_GCM_SHA384       ={0x00,0xA7};
+
+    /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with HMAC SHA-256/384. */
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ={0xC0,0x23};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ={0xC0,0x24};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ={0xC0,0x25};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ={0xC0,0x26};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ={0xC0,0x27};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ={0xC0,0x28};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      ={0xC0,0x29};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      ={0xC0,0x2A};
+
+    /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) */
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ={0xC0,0x2B};
+    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ={0xC0,0x2C};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ={0xC0,0x2D};
+    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ={0xC0,0x2E};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ={0xC0,0x2F};
+    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ={0xC0,0x30};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      ={0xC0,0x31};
+    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      ={0xC0,0x32};
+
+    /* RFC 5746 - Secure Renegotiation */
+    CipherSuite	TLS_EMPTY_RENEGOTIATION_INFO_SCSV         ={0x00,0xFF};
+
+    /* Tags for SSL 2 cipher kinds which are not specified for SSL 3. */
+    CipherSuite	SSL_RSA_WITH_RC2_CBC_MD5                  ={0xFF,0x80};
+    CipherSuite	SSL_RSA_WITH_IDEA_CBC_MD5                 ={0xFF,0x81};
+    CipherSuite	SSL_RSA_WITH_DES_CBC_MD5                  ={0xFF,0x82};
+    CipherSuite	SSL_RSA_WITH_3DES_EDE_CBC_MD5             ={0xFF,0x83};
+    CipherSuite	SSL_NO_SUCH_CIPHERSUITE                   ={0xFF,0xFF};
+    /***** /Patch additions *****/
+
   } cipher_suite;  
 
     	   
--- ssl/ssl.enums.c.orig	2013-07-10 14:54:38.000000000 -0400
+++ ssl/ssl.enums.c	2013-07-10 15:51:46.000000000 -0400
@@ -698,6 +698,393 @@
 		65412,
 		"TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA",
 		0	},
+	/***** Patch additions from following URL *****/
+	/* https://github.com/jtapiath-cl/gokik/blob/0de0f3e7/Security.framework/Headers/CipherSuite.h */
+	{
+		47,
+		"TLS_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		48,
+		"TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49,
+		"TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		50,
+		"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		51,
+		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		52,
+		"TLS_DH_anon_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		53,
+		"TLS_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		54,
+		"TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		55,
+		"TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		56,
+		"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		57,
+		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		58,
+		"TLS_DH_anon_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		49153,
+		"TLS_ECDH_ECDSA_WITH_NULL_SHA",
+		0	},
+	{
+		49154,
+		"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+		0	},
+	{
+		49155,
+		"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		49156,
+		"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49157,
+		"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		49158,
+		"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+		0	},
+	{
+		49159,
+		"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+		0	},
+	{
+		49160,
+		"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		49161,
+		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49162,
+		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		49163,
+		"TLS_ECDH_RSA_WITH_NULL_SHA",
+		0	},
+	{
+		49164,
+		"TLS_ECDH_RSA_WITH_RC4_128_SHA",
+		0	},
+	{
+		49165,
+		"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		49166,
+		"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49167,
+		"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		49168,
+		"TLS_ECDHE_RSA_WITH_NULL_SHA",
+		0	},
+	{
+		49169,
+		"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+		0	},
+	{
+		49170,
+		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		49171,
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49172,
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		49173,
+		"TLS_ECDH_anon_WITH_NULL_SHA",
+		0	},
+	{
+		49174,
+		"TLS_ECDH_anon_WITH_RC4_128_SHA",
+		0	},
+	{
+		49175,
+		"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		49176,
+		"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+		0	},
+	{
+		49177,
+		"TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+		0	},
+	{
+		0,
+		"TLS_NULL_WITH_NULL_NULL",
+		0	},
+	{
+		1,
+		"TLS_RSA_WITH_NULL_MD5",
+		0	},
+	{
+		2,
+		"TLS_RSA_WITH_NULL_SHA",
+		0	},
+	{
+		4,
+		"TLS_RSA_WITH_RC4_128_MD5",
+		0	},
+	{
+		5,
+		"TLS_RSA_WITH_RC4_128_SHA",
+		0	},
+	{
+		10,
+		"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		59,
+		"TLS_RSA_WITH_NULL_SHA256",
+		0	},
+	{
+		60,
+		"TLS_RSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		61,
+		"TLS_RSA_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		13,
+		"TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		16,
+		"TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		19,
+		"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		22,
+		"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		62,
+		"TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		63,
+		"TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		64,
+		"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		103,
+		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		104,
+		"TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		105,
+		"TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		106,
+		"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		107,
+		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		24,
+		"TLS_DH_anon_WITH_RC4_128_MD5",
+		0	},
+	{
+		27,
+		"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+		0	},
+	{
+		108,
+		"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		109,
+		"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+		0	},
+	{
+		156,
+		"TLS_RSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		157,
+		"TLS_RSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		158,
+		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		159,
+		"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		160,
+		"TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		161,
+		"TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		162,
+		"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		163,
+		"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		164,
+		"TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		165,
+		"TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		166,
+		"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		167,
+		"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		49187,
+		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		49188,
+		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+		0	},
+	{
+		49189,
+		"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		49190,
+		"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+		0	},
+	{
+		49191,
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		49192,
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+		0	},
+	{
+		49193,
+		"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+		0	},
+	{
+		49194,
+		"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+		0	},
+	{
+		49195,
+		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		49196,
+		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		49197,
+		"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		49198,
+		"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		49199,
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		49200,
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		49201,
+		"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+		0	},
+	{
+		49202,
+		"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+		0	},
+	{
+		255,
+		"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+		0	},
+	{
+		65408,
+		"SSL_RSA_WITH_RC2_CBC_MD5",
+		0	},
+	{
+		65409,
+		"SSL_RSA_WITH_IDEA_CBC_MD5",
+		0	},
+	{
+		65410,
+		"SSL_RSA_WITH_DES_CBC_MD5",
+		0	},
+	{
+		65411,
+		"SSL_RSA_WITH_3DES_EDE_CBC_MD5",
+		0	},
+	{
+		65535,
+		"SSL_NO_SUCH_CIPHERSUITE",
+		0	},
+	/***** /Patch additions *****/
 {-1}
 };
 

3-ssldump-openssl.diff

--- a/ssl/ssldecode.c  2013-07-10 14:44:42.000000000 -0400
+++ b/ssl/ssldecode.c  2013-07-10 14:44:44.000000000 -0400
@@ -51,6 +51,7 @@
 #include <openssl/ssl.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/md5.h>
 #include <openssl/x509v3.h>
 #endif
 #include "ssldecode.h"
@@ -131,7 +132,8 @@
     ssl_decode_ctx *d=0;
     int r,_status;
     
-    SSLeay_add_all_algorithms();
+    SSL_library_init();
+    OpenSSL_add_all_algorithms();
     if(!(d=(ssl_decode_ctx *)malloc(sizeof(ssl_decode_ctx))))
       ABORT(R_NO_MEMORY);
     if(!(d->ssl_ctx=SSL_CTX_new(SSLv23_server_method())))

4-src.txt

  /***** Patch additions from following URL *****/
  /* https://github.com/jtapiath-cl/gokik/blob/0de0f3e7/Security.framework/Headers/CipherSuite.h */
    CipherSuite  TLS_RSA_WITH_AES_128_CBC_SHA           ={0x00,0x2f};
    CipherSuite	TLS_DH_DSS_WITH_AES_128_CBC_SHA        ={0x00,0x30};
    CipherSuite	TLS_DH_RSA_WITH_AES_128_CBC_SHA        ={0x00,0x31};
    CipherSuite	TLS_DHE_DSS_WITH_AES_128_CBC_SHA       ={0x00,0x32};
    CipherSuite	TLS_DHE_RSA_WITH_AES_128_CBC_SHA       ={0x00,0x33};
    CipherSuite	TLS_DH_anon_WITH_AES_128_CBC_SHA       ={0x00,0x34};
    CipherSuite	TLS_RSA_WITH_AES_256_CBC_SHA           ={0x00,0x35};
    CipherSuite	TLS_DH_DSS_WITH_AES_256_CBC_SHA        ={0x00,0x36};
    CipherSuite	TLS_DH_RSA_WITH_AES_256_CBC_SHA        ={0x00,0x37};
    CipherSuite	TLS_DHE_DSS_WITH_AES_256_CBC_SHA       ={0x00,0x38};
    CipherSuite	TLS_DHE_RSA_WITH_AES_256_CBC_SHA       ={0x00,0x39};
    CipherSuite	TLS_DH_anon_WITH_AES_256_CBC_SHA       ={0x00,0x3a};
    CipherSuite	TLS_ECDH_ECDSA_WITH_NULL_SHA           ={0xc0,0x01};
    CipherSuite	TLS_ECDH_ECDSA_WITH_RC4_128_SHA        ={0xc0,0x02};
    CipherSuite	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   ={0xc0,0x03};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    ={0xc0,0x04};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    ={0xc0,0x05};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_NULL_SHA          ={0xc0,0x06};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       ={0xc0,0x07};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  ={0xc0,0x08};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   ={0xc0,0x09};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   ={0xc0,0x0A};
    CipherSuite	TLS_ECDH_RSA_WITH_NULL_SHA             ={0xc0,0x0B};
    CipherSuite	TLS_ECDH_RSA_WITH_RC4_128_SHA          ={0xc0,0x0C};
    CipherSuite	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     ={0xc0,0x0D};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      ={0xc0,0x0E};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      ={0xc0,0x0F};
    CipherSuite	TLS_ECDHE_RSA_WITH_NULL_SHA            ={0xc0,0x10};
    CipherSuite	TLS_ECDHE_RSA_WITH_RC4_128_SHA         ={0xc0,0x11};
    CipherSuite	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    ={0xc0,0x12};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     ={0xc0,0x13};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     ={0xc0,0x14};
    CipherSuite	TLS_ECDH_anon_WITH_NULL_SHA            ={0xc0,0x15};
    CipherSuite	TLS_ECDH_anon_WITH_RC4_128_SHA         ={0xc0,0x16};
    CipherSuite	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    ={0xc0,0x17};
    CipherSuite	TLS_ECDH_anon_WITH_AES_128_CBC_SHA     ={0xc0,0x18};
    CipherSuite	TLS_ECDH_anon_WITH_AES_256_CBC_SHA     ={0xc0,0x19};
    CipherSuite	TLS_NULL_WITH_NULL_NULL                ={0x00,0x00};
    CipherSuite	TLS_RSA_WITH_NULL_MD5                     ={0x00,0x01};
    CipherSuite	TLS_RSA_WITH_NULL_SHA                     ={0x00,0x02};
    CipherSuite	TLS_RSA_WITH_RC4_128_MD5                  ={0x00,0x04};
    CipherSuite	TLS_RSA_WITH_RC4_128_SHA                  ={0x00,0x05};
    CipherSuite	TLS_RSA_WITH_3DES_EDE_CBC_SHA             ={0x00,0x0A};
    CipherSuite	TLS_RSA_WITH_NULL_SHA256                  ={0x00,0x3B};
    CipherSuite	TLS_RSA_WITH_AES_128_CBC_SHA256           ={0x00,0x3C};
    CipherSuite	TLS_RSA_WITH_AES_256_CBC_SHA256           ={0x00,0x3D};
    CipherSuite	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          ={0x00,0x0D};
    CipherSuite	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          ={0x00,0x10};
    CipherSuite	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         ={0x00,0x13};
    CipherSuite	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         ={0x00,0x16};
    CipherSuite	TLS_DH_DSS_WITH_AES_128_CBC_SHA256        ={0x00,0x3E};
    CipherSuite	TLS_DH_RSA_WITH_AES_128_CBC_SHA256        ={0x00,0x3F};
    CipherSuite	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       ={0x00,0x40};
    CipherSuite	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       ={0x00,0x67};
    CipherSuite	TLS_DH_DSS_WITH_AES_256_CBC_SHA256        ={0x00,0x68};
    CipherSuite	TLS_DH_RSA_WITH_AES_256_CBC_SHA256        ={0x00,0x69};
    CipherSuite	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       ={0x00,0x6A};
    CipherSuite	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       ={0x00,0x6B};
    CipherSuite	TLS_DH_anon_WITH_RC4_128_MD5              ={0x00,0x18};
    CipherSuite	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         ={0x00,0x1B};
    CipherSuite	TLS_DH_anon_WITH_AES_128_CBC_SHA256       ={0x00,0x6C};
    CipherSuite	TLS_DH_anon_WITH_AES_256_CBC_SHA256       ={0x00,0x6D};
    CipherSuite	TLS_RSA_WITH_AES_128_GCM_SHA256           ={0x00,0x9C};
    CipherSuite	TLS_RSA_WITH_AES_256_GCM_SHA384           ={0x00,0x9D};
    CipherSuite	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       ={0x00,0x9E};
    CipherSuite	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       ={0x00,0x9F};
    CipherSuite	TLS_DH_RSA_WITH_AES_128_GCM_SHA256        ={0x00,0xA0};
    CipherSuite	TLS_DH_RSA_WITH_AES_256_GCM_SHA384        ={0x00,0xA1};
    CipherSuite	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       ={0x00,0xA2};
    CipherSuite	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       ={0x00,0xA3};
    CipherSuite	TLS_DH_DSS_WITH_AES_128_GCM_SHA256        ={0x00,0xA4};
    CipherSuite	TLS_DH_DSS_WITH_AES_256_GCM_SHA384        ={0x00,0xA5};
    CipherSuite	TLS_DH_anon_WITH_AES_128_GCM_SHA256       ={0x00,0xA6};
    CipherSuite	TLS_DH_anon_WITH_AES_256_GCM_SHA384       ={0x00,0xA7};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ={0xC0,0x23};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ={0xC0,0x24};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ={0xC0,0x25};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ={0xC0,0x26};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ={0xC0,0x27};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ={0xC0,0x28};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      ={0xC0,0x29};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      ={0xC0,0x2A};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ={0xC0,0x2B};
    CipherSuite	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ={0xC0,0x2C};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ={0xC0,0x2D};
    CipherSuite	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ={0xC0,0x2E};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ={0xC0,0x2F};
    CipherSuite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ={0xC0,0x30};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      ={0xC0,0x31};
    CipherSuite	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      ={0xC0,0x32};
    CipherSuite	TLS_EMPTY_RENEGOTIATION_INFO_SCSV         ={0x00,0xFF};
    CipherSuite	SSL_RSA_WITH_RC2_CBC_MD5                  ={0xFF,0x80};
    CipherSuite	SSL_RSA_WITH_IDEA_CBC_MD5                 ={0xFF,0x81};
    CipherSuite	SSL_RSA_WITH_DES_CBC_MD5                  ={0xFF,0x82};
    CipherSuite	SSL_RSA_WITH_3DES_EDE_CBC_MD5             ={0xFF,0x83};
    CipherSuite	SSL_NO_SUCH_CIPHERSUITE                   ={0xFF,0xFF};

5-conv.py

#!/usr/bin/env python
#coding=utf8
import re

r = re.compile(r'\s+CipherSuite\s+(?P<proto>(?:TLS|SSL)_\w+)\s+=\{0x(?P<high>[0-9a-fA-F]{2}),0x(?P<low>[0-9a-fA-F]{2})\};')
if __name__ == "__main__":
  f = open('/tmp/4-src.txt', 'rb')
  for line in f:
    res = r.search(line)
    #print line[:-1]
    if res:
      data = res.groupdict()
      val = '0x%s%s' % (data['high'], data['low'])
      proto = data['proto']
      print "\t{\n\t\t%d,\n\t\t\"%s\",\n\t\t0\t}," % (int(val, 16), proto)
    else:
      raise Exception

useful:

sudo ssldump -VA -i en0|egrep "443|TLS|SHA|RSA|GCM|CBC|AES|RC4|Unknown value"

Hello
I just ran this on my Mac OSX v10.11.6
$> brew tap mtigas/ssldump
Updating Homebrew...
==> Tapping mtigas/ssldump
Cloning into '/usr/local/Homebrew/Library/Taps/mtigas/homebrew-ssldump'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 6 (delta 0), reused 3 (delta 0), pack-reused 0
Unpacking objects: 100% (6/6), done.
Error: Invalid formula: /usr/local/Homebrew/Library/Taps/mtigas/homebrew-ssldump/Formula/ssldump.rb
Calling Formula.sha1 is disabled!
Use Formula.sha256 instead.
/usr/local/Homebrew/Library/Taps/mtigas/homebrew-ssldump/Formula/ssldump.rb:6:in `class:Ssldump'
Please report this to the mtigas/ssldump tap!
Error: Cannot tap mtigas/ssldump: invalid syntax in tap!

Need your help to tell me whats the issue here and kindly fix.

Thanks!