Wireshark-users: [Wireshark-users] SSL issue not decoding data
From: jacob c <jctx09@xxxxxxxxx>
Date: Thu, 1 May 2008 14:28:54 -0700 (PDT)
Hello,
I am trying to view a SSL session. Based on the debug file it looks like the key is loading correctly but I can't see any of the HTTP requests. The packets still show it as "Encrypted Application". I do so some of these errors in the log:
decrypt_ssl3_record: no decoder available
I am attaching the debug file to this message in case anybody wants to look at it. Can someone tell me what I might be doing wrong?
Thank you,
ssl_init keys string:
10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init found host entry 10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init addr '10.62.40.134' port '443' filename 'c:\rfscanner\RFScanner_EnvB_Cert.key' password(only for p12 file) '(null)'
ssl_init private key file c:\rfscanner\RFScanner_EnvB_Cert.key successfully loaded
association_add TCP port 443 protocol http handle 02CECD08
association_find: TCP port 993 found 03C5C148
ssl_association_remove removing TCP 993 - imap handle 02BF9818
association_add TCP port 993 protocol imap handle 02BF9818
association_find: TCP port 995 found 03C5C188
ssl_association_remove removing TCP 995 - pop handle 039C1300
association_add TCP port 995 protocol pop handle 039C1300
10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init found host entry 10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init addr '10.62.40.134' port '443' filename 'c:\rfscanner\RFScanner_EnvB_Cert.key' password(only for p12 file) '(null)'
ssl_init private key file c:\rfscanner\RFScanner_EnvB_Cert.key successfully loaded
association_add TCP port 443 protocol http handle 02CECD08
association_find: TCP port 993 found 03C5C148
ssl_association_remove removing TCP 993 - imap handle 02BF9818
association_add TCP port 993 protocol imap handle 02BF9818
association_find: TCP port 995 found 03C5C188
ssl_association_remove removing TCP 995 - pop handle 039C1300
association_add TCP port 995 protocol pop handle 039C1300
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04791A48 size 564
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 10.62.40.134:443
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 91 ssl, state 0x00
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 87 bytes, remaining 96
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
ssl_session_init: initializing ptr 04791A48 size 564
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 10.62.40.134:443
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 91 ssl, state 0x00
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 87 bytes, remaining 96
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #5 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl, state 0x11
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0004 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 7 offset 90 length 4720827 bytes, remaining 122
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl, state 0x11
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0004 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 7 offset 90 length 4720827 bytes, remaining 122
dissect_ssl enter frame #6 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 129 offset 11 length 3885348 bytes, remaining 43
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 129 offset 11 length 3885348 bytes, remaining 43
dissect_ssl enter frame #8 (first time)
conversation = 04791870, ssl_session = 04791A48
conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #9 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1445 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1445 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #11 (first time)
conversation = 04791870, ssl_session = 04791A48
conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #13 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1564 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1564 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #13 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 55 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 21 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 55 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 21 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #15 (first time)
conversation = 04791870, ssl_session = 04791A48
conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #17 (first time)
conversation = 04791870, ssl_session = 04791A48
conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #19 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 272 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 64 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 272 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 64 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #21 (first time)
conversation = 04791870, ssl_session = 04791A48
conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #23 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1476 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1476 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #23 (first time)
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 769 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 769 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
- Follow-Ups:
- Re: [Wireshark-users] SSL issue not decoding data
- From: Sake Blok
- Re: [Wireshark-users] SSL issue not decoding data
- Prev by Date: Re: [Wireshark-users] Is it possible to back-up packetcapturesindefined time interval
- Next by Date: Re: [Wireshark-users] SSL issue not decoding data
- Previous by thread: Re: [Wireshark-users] Is it possible to back-uppacketcapturesindefined time interval
- Next by thread: Re: [Wireshark-users] SSL issue not decoding data
- Index(es):