Bug #55670 Improve MySQL/SSL dissection for tools like Wireshark
Submitted: 1 Aug 2010 4:24
Modified: 27 Dec 2010 11:00
Reporter: Jonathon Coombes
Status: Verified
Category: Connector / C
Severity: S4 (Feature request)
Version: 5.0, 5.1
OS: Any
Assigned to:
CPU Architecture: Any
Tags: API, protocol, SSL

[1 Aug 2010 4:24] Jonathon Coombes
Description:
Improve or implement the way MySQL is dissected when using SSL to allow standard analysis using Wireshark or similar tools.

How to repeat:
N/A

Suggested fix:
N/A

[24 Jan 2011 12:58] Ulf Wendel
Is this for Connector/C or for the MySQL Client Library contained in the MySQL Server sources? Judging from the Version, I guess this is for the server. Based on logic this is for both as both libraries should be improved...

Anyway, needs Triage.

[9 Dec 2014 14:22] Daniël van Eeden
It is possible to dissect the MySQL protocol with Wireshark when using SSL:
http://databaseblog.myname.nl/2014/07/decoding-encrypted-mysql-traffic-with.html

There are some known cases where the dissector for MySQL fails:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10346 MySQL: decoding AuthSwitchRequest/AuthSwitchResponse fails
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10342 MySQL: decoding compressed packets fails
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10351 MySQL: decoding COM_CHANGE_USER from new clients fails

In Wireshark trunk there are fixes for utf8mb4, connection attributes, authentication plugins, new capability flags and com_change_user. I expect these to land in Wireshark 1.14.

In Wireshark trunk there is a feature which allows you to dissect the initial (cleartext) greeting and the SSL traffic at the same time.

I don't think anything should be changed on the MySQL side to support Wireshark (so I think this bug can be closed).