-2

I want to verify whether Wireshark can decrypt HTTPS traffic or not when DHE is used for key exchange. For the same reason, I want to access some application or website which uses DHE for key exchange. I am unable to find one.

Are there any Linux-based applications or websites which use DHE for key exchange?

forest
bholanath
  • Many systems support DHE, though as one answer says, usually they use ECDHE instead for performance reasons. But DHE is still _very_ common. – forest Dec 10 '17 at 06:02
  • You can also use `openssl s_server` usually with `-www` or sometimes `-WWW` to run **your own** minimal server with extensive controls over the SSL/TLS/crypto options. On (all?) Unix you can even do this on the same system; on Windows, Wireshark (really WinPcap) usually can't capture loopback traffic so you need to use two systems. – dave_thompson_085 Dec 11 '17 at 00:37
  • 1
    If a post answered your question, please mark it as accepted! :) – forest Oct 20 '18 at 06:27

2 Answers

3

There are many websites that support DHE. From the top 10 million Alexa results, a scan in 2014 showed that nearly 60% of websites supported DHE. From a blog post, the numbers are given as:

Supported Handshakes      Count     Percent
-------------------------+---------+-------
DHE                       267507    59.2524
ECDHE                     97570     21.6116

Many of these are just the result of Apache providing its default 1024-bit DHE, but it still shows support. Finding a random website that supports TLS will still give you a good chance of getting one which supports DHE. Wikipedia supports DHE, for example.

You can test if a standard website supports DHE using the openssl command line utility:

```
openssl s_client -cipher DHE -connect example.com:443
```

A website that does not support the specified cipher will return a handshake error.

forest
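
The local test described in the comment and answer above (your own `openssl s_server` plus an `s_client` cipher check), as an added example that is not part of the original posts. The function name `negotiated_cipher`, the port numbers and the throwaway certificate are assumptions for illustration; `-tls1_2` is set because `-cipher` only restricts suites for TLS 1.2 and earlier.

```shell
#!/bin/sh
# Added example (not from the original posts): start a throwaway local TLS
# server limited to one cipher suite, then ask it for DHE only.
# Function name, ports and file names are constructed for this illustration.

# negotiated_cipher SERVER_SUITE [PORT]
# Prints the suite agreed with a DHE-only client, or nothing if the
# handshake fails.
negotiated_cipher() {
    suite=$1
    port=${2:-14433}
    dir=$(mktemp -d) || return 1

    # Self-signed RSA certificate, valid for one day, for the test server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1

    # -tls1_2 on both sides: -cipher does not govern TLS 1.3 suites, so a
    # TLS 1.3 handshake would bypass the DHE restriction.
    openssl s_server -accept "$port" -www -tls1_2 -cipher "$suite" \
        -cert "$dir/cert.pem" -key "$dir/key.pem" >/dev/null 2>&1 &
    srv=$!
    sleep 1   # give the server time to bind the port

    out=$(openssl s_client -connect "127.0.0.1:$port" -tls1_2 -cipher DHE \
        </dev/null 2>/dev/null) || true

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"

    # s_client reports "New, TLSv1.2, Cipher is <suite>" on success and
    # "Cipher is (NONE)" when no suite could be agreed.
    printf '%s\n' "$out" |
        sed -n 's/^.*Cipher is \([A-Z0-9-][A-Z0-9-]*\)$/\1/p' | head -n 1
}
```

Running `negotiated_cipher DHE-RSA-AES128-GCM-SHA256` while capturing on the loopback interface gives a DHE handshake to inspect in Wireshark.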
0

Most websites only support ECDHE because EC is generally faster. However, I did find a website that provides DHE: www.netaddress.com.

Swashbuckler
  • How did you find it uses ECDHE? I have tried using Wireshark, however no info about cipher suite? – bholanath Jun 14 '17 at 14:27
  • There are lots of programs available that will analyze SSL/TLS connections. We use this at work https://www.bolet.org/TestSSLServer/ for testing products, however for public websites you can use https://www.ssllabs.com/ssltest/. – Swashbuckler Jun 15 '17 at 22:04