Bug #55670 Improve MySQL/SSL dissection for tools like Wireshark
Submitted: 1 Aug 2010 4:24 Modified: 27 Dec 2010 11:00
Reporter: Jonathon Coombes Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / C Severity:S4 (Feature request)
Version:5.0,5.1 OS:Any
Assigned to: CPU Architecture:Any
Tags: API, protocol, SSL

[1 Aug 2010 4:24] Jonathon Coombes
Description:
Improve or implement the way MySQL is dissected when using SSL to allow standard analysis using Wireshark or similar tools.

How to repeat:
N/A

Suggested fix:
N/A
[24 Jan 2011 12:58] Ulf Wendel
Is this for Connector/C or for the MySQL Client Library contained in the MySQL Server sources? Judging from the Version, I guess this is for the server. Based on logic this is for both as both libraries should be improved...

Anyway, needs Triage.
[9 Dec 2014 14:22] Daniël van Eeden
It is possible to dissect the MySQL protocol with Wireshark when using SSL:
http://databaseblog.myname.nl/2014/07/decoding-encrypted-mysql-traffic-with.html

There are some known cases where the dissector for MySQL fails:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10346 MySQL: decoding AuthSwitchRequest/AuthSwitchResponse fails
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10342 MySQL: decoding compressed packets fails
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10351 MySQL: decoding COM_CHANGE_USER from new clients fails

In Wireshark trunk there are fixes for utf8mb4, connection attributes, authentication plugins, new capability flags and com_change_user. I expect these to land in Wireshark 1.14.

In Wireshark trunk there is a feature which allows you to dissect the initial (cleartext) greeting and the SSL traffic at the same time.

I don't think anything should be changed on the MySQL side to support Wireshark (so I think this bug can be closed)
[2 Jun 2023 13:27] Daniël van Eeden
Small update: More improvements have landed in the master branch of Wireshark the list of known issues is now 0. Feel free to report any issues via https://gitlab.com/wireshark/wireshark/-/issues/new

It might be useful to have a SSLKEYLOGFILE as explained on https://wiki.wireshark.org/TLS and supported by multiple browsers etc. in MySQL to make it easier to decrypt TLS sessions with more modern ciphersuites. That could be in either the server or in the client.
[2 Jun 2023 13:28] Daniël van Eeden
See also Bug #80709