[commits] [Wiki] changed: ActiveSync
Michael Rubinsky
mrubinsk at horde.org
Sat Jan 16 06:18:52 UTC 2016
mrubinsk Sat, 16 Jan 2016 06:18:52 +0000
Modified page: http://wiki.horde.org/ActiveSync
New Revision: 283
Change log: Add a note (mostly to myself) about wireshark/TLS/Forward
secure ciphers.
@@ -294,8 +294,14 @@
If you want to sniff the traffic on your server, and wireshark is
not available becuase there is no windowing system, you can use the
tshark application instead. The following command will capture http
traffic on port 80, and will ignore most requests we are not
interested in. It's worth mentioning that for the capture to be
useful, you MUST not setup SSL on the device. Depending on your user's
rights, you may need to run this as sudo:
<code>
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) -
((tcp[12]&0xf0)>>2)) != 0)' -w /path/to/capture/file
+</code>
+
+**A note to developers attempting to use wireshark/tshark over ssl
connections**: Some clients (like Outlook) REQUIRE a SSL connection
and as such, make it more difficult to trace. Wireshark is able to
dissect SSL communication if it is given the server's private RSA key.
The only caveat here is that it will NOT work with so called
forward-secure ciphers like Diffie-Hellman since the server's key is
not enough to decode the data. If you find yourself needing to trace
ActiveSync traffic over SSL connections you must make sure you
configure the webserver to use a less secure cipher. Obviously you
only want to do this on test systems with non-production private keys.
For lighttpd, this can be done using something like:
+
+<code>
+ssl.cipher-list = "AES256-SHA AES128-SHA RC4-SHA RC4-MD5"
</code>
++++ Debug logging on device.
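Review bot: The added paragraph's phrase "forward-secure ciphers like Diffie-Hellman" names a key exchange rather than a cipher, and the note never states what property the replacement list needs. What stops Wireshark from decrypting with the server's private RSA key is a Diffie-Hellman key exchange, so the text should say that the cipher list must contain only suites that use RSA key exchange, which is the case for all four entries in the `ssl.cipher-list` example. The wording "a less secure cipher" invites readers to pick anything weak. RC4-SHA and RC4-MD5 add nothing for this purpose, so "AES256-SHA AES128-SHA" alone would do. The paragraph limits this to test systems with non-production keys but should also tell the reader to restore the original cipher list once the capture is finished.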