sent previously to community.mailimg lost but no response there, so resending it here.
Hello mailing list, I set up ESP deciphering/decoding preferences with following relevant parameters in wireshark 4.4.6: -- attempt to check ESP Authentication -- off -- attempt to detect/decode NULL encrypted ESP payload -- off then I entered ESP SAs with relevant IPs, SPIs and deciphering key, leaving the authentication algorithm at NULL and wireshark did not decipher ESP payload. I set authentication algorithm to HMAC-SHA1-96 (RFC 2404) then, without authentication key and wireshark did decipher as expected. Question: why wireshark cares so much about authentication algorithm in this scenario, shouldn't it just decipher with all the information for it available or what goes on here as in "potential bug" ? Kind Regards Ariel Burbaickij
_______________________________________________ Wireshark-dev mailing list -- wireshark-dev@wireshark.org To unsubscribe send an email to wireshark-dev-le...@wireshark.org
