From Naoyoshi Ueda:

Enable decryption of TLS 1.2.

 Add some cipher suites from RFC5246 and RFC5289.

Fixed a bug in the handling of stream cipher.
(The explicit IV field in the application record doesn't exist when stream ciphers are used. But the original code handles it as if one-byte IV exists.)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@40273 f5534014-38df-0310-8fa8-9805f1628bb7

1 files changed, 1 insertions, 1 deletions

diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index dffcde2a6d..e48f05ca7d 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2006,7 +2006,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                          * (it's the encrypted len and should be equal to record len - 2)
                          * in case of rsa1024 that would be 128 + 2 = 130; for psk not neccessary
                          */
-                        if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1||ssl->version == SSL_VER_TLSv1DOT2)
+                        if (ssl->cipher_suite.kex==KEX_RSA && (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1||ssl->version == SSL_VER_TLSv1DOT2))
                         {
                             encrlen  = tvb_get_ntohs(tvb, offset);
                             skip = 2;