Wireshark-users: [Wireshark-users] Unable to decrypt SSL data provided with Wiki sample capture
From: "Maurizio Giudici" <mrgiudici@xxxxxx>
Date: Wed, 22 Apr 2009 15:48:32 +0200
Hi,

I just downloaded and installed Wireshark 1.0.7 for Windows, and, only to understand better how things work, I tried to load the sample capture of an SSL connection provided in the Wireshark Wiki (http://wiki.wireshark.org/SSL).

In the SSL preferences I specified the RSA keys list in the following way:

127.0.0.1,443,http,C:\Programmi\Wireshark\private\snakeoil2.key

and I specified an SSL debug file too.

Unfortunately, when I load the capture file "rsasnakeoil2.cap" into Wireshark and view packets that contain "Application Data", the data are still encrypted.

This is the first part of the debug file:

ssl_init keys string:
127.0.0.1,443,http,C:\Programmi\Wireshark\private\snakeoil2.key
ssl_init found host entry 127.0.0.1,443,http,C:\Programmi\Wireshark\private\snakeoil2.key
ssl_init addr '127.0.0.1' port '443' filename 'C:\Programmi\Wireshark\private\snakeoil2.key' password(only for p12 file) '(null)'
association_find: TCP port 993 found 03A89320
ssl_association_remove removing TCP 993 - imap handle 028F3588
association_add TCP port 993 protocol imap handle 028F3588
association_find: TCP port 995 found 03A89360
ssl_association_remove removing TCP 995 - pop handle 037D1920
association_add TCP port 995 protocol pop handle 037D1920
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04581A48 size 564
association_find: TCP port 38713 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 127.0.0.1:443
dissect_ssl can't find private key for this server! Try it again with universal port 0
dissect_ssl can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
dissect_ssl can't find any private key!
conversation = 04581870, ssl_session = 04581A48
client random len: 16 padded to 32
dissect_ssl enter frame #6 (first time)
conversation = 04581870, ssl_session = 04581A48
dissect_ssl3_record found version 0x0300 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl, state 0x11
association_find: TCP port 443 found 03A50BD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x0035 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 836 ssl, state 0x17
association_find: TCP port 443 found 03A50BD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 84 length 832 bytes, remaining 920
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 4 ssl, state 0x17
association_find: TCP port 443 found 03A50BD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 925 length 0 bytes, remaining 929

I think that messages like "dissect_ssl can't find any private key" and "no decoder available" show that something went wrong, but I have no clue on how to fix this.

Thanks in advance.

Maurizio