RSA Session-ID:xxxx Master-Key:yyyy
Is one of the formats for decrypting SSL traffic if I have the master secret. But some sites like google don't send a Session-ID (Session Id Length 0). The other format for RSA based key exchange with the encrypted pre master key and pre master key I can't use because I don't have access to the pre master keys. As far as I understand trunk-1.10/epan/dissectors/packet-ssl-utils.c:
ssl_keylog_parse_session_id(...
if (ssl_session->session_id.data_len == 0)
return FALSE;
as soon as the session id is 0, the format RSA Session-ID: Master-Key: isn't usable. Could someone confirm that or may be have an alternative solution (without modifying Wireshark)?
