Bug #55670 | Improve MySQL/SSL dissection for tools like Wireshark | ||
---|---|---|---|
Submitted: | 1 Aug 2010 4:24 | Modified: | 27 Dec 2010 11:00 |
Reporter: | Jonathon Coombes | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | Connector / C | Severity: | S4 (Feature request) |
Version: | 5.0,5.1 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | API, protocol, SSL |
[1 Aug 2010 4:24]
Jonathon Coombes
[24 Jan 2011 12:58]
Ulf Wendel
Is this for Connector/C or for the MySQL Client Library contained in the MySQL Server sources? Judging from the Version, I guess this is for the server. Based on logic this is for both as both libraries should be improved... Anyway, needs Triage.
[9 Dec 2014 14:22]
Daniël van Eeden
It is possible to dissect the MySQL protocol with Wireshark when using SSL: http://databaseblog.myname.nl/2014/07/decoding-encrypted-mysql-traffic-with.html There are some known cases where the dissector for MySQL fails: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10346 MySQL: decoding AuthSwitchRequest/AuthSwitchResponse fails https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10342 MySQL: decoding compressed packets fails https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10351 MySQL: decoding COM_CHANGE_USER from new clients fails In Wireshark trunk there are fixes for utf8mb4, connection attributes, authentication plugins, new capability flags and com_change_user. I expect these to land in Wireshark 1.14. In Wireshark trunk there is a feature which allows you to dissect the initial (cleartext) greeting and the SSL traffic at the same time. I don't think anything should be changed on the MySQL side to support Wireshark (so I think this bug can be closed)
[2 Jun 2023 13:27]
Daniël van Eeden
Small update: More improvements have landed in the master branch of Wireshark the list of known issues is now 0. Feel free to report any issues via https://gitlab.com/wireshark/wireshark/-/issues/new It might be useful to have a SSLKEYLOGFILE as explained on https://wiki.wireshark.org/TLS and supported by multiple browsers etc. in MySQL to make it easier to decrypt TLS sessions with more modern ciphersuites. That could be in either the server or in the client.
[2 Jun 2023 13:28]
Daniël van Eeden
See also Bug #80709