Hey Ian,
I just configured a file and got a bunch of these messages:
dissect_ssl enter frame #1118 (first time)
conversation = 0xb24a8940, ssl_session = 0xb24a9610
record: offset = 0, reported_length_remaining = 2549
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 2544 ssl, state 0x17
association_find: TCP port 8443 found 0xba9e87e8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 8443 found 0xba9e87e8
"no decoder available": is this my problem?
Thanks
Thiago Moreira
On Tue, Jan 19, 2010 at 11:38 AM, Ian Schorr <ian.schorr@xxxxxxxxx> wrote:
I've been having a lot of problems with the SSL and Kerberos decryption lately. Odd thing I've found is that when I can decrypt on a Windows release, I can't on a unix (at least, Linux and OS X). And if I can decrypt on a Unix, I can't in Windows. It's traffic-dependent somehow, but I haven't spent much time investigating. Maybe you're having a similar problem?
Have you configured an ssl debug file (in the protocol prefs)?
Hey Sake,
This is my configuration: 127.0.0.1,8443,http,/home/tmoreira2020/foo.pem . It is pretty straightforward like yours, except the IP address but it does not work.
Is there a way to debug deeper on Wireshark to know if the SSL key is being used/loaded/matched?
Cheers
Thiago Moreira
On Tue, Jan 19, 2010 at 5:36 AM, Sake Blok <sake@xxxxxxxxxx> wrote:
There is no need to use the "Decode As..." if you configure the RSA key list correctly in the SSL protocol preferences. You should configure the RSA key list like this:
<server-ip>,<server-port>,<protocol inside ssl>,<key-file-location>
If I understand you correctly, your SSL traffic is not on port 443, so let's assume your server is at 10.0.0.1 and uses port 8443 and the protocol inside SSL is http, you would use:
10.0.0.1,8443,http,/root/foo.pem
Hope this helps,
Cheers,
Sake
----- Original Message -----
Sent: Tuesday, January 19, 2010 12:07 AM
Subject: Re: [Wireshark-users] can't load private key from /root/foo.pem
Thank you Sake! The error message has gone away.
But I'm still not able to see the header of http in plain text. I'm using the context menu "Decode As..." to decode the encrypted packet but no success! Any clue?
Thanks
On Mon, Jan 18, 2010 at 6:48 PM, Sake Blok <sake@xxxxxxxxxx> wrote:
The file /root/foo.pem probably contains both the certificate and the key. You should delete the part with the certificate. Or you could use the following openssl command:
openssl pkcs12 -in foo.p12 -out foo.pem -nodes -nocerts
Hope this helps,
Cheers,
Sake
----- Original Message -----
Sent: Monday, January 18, 2010 8:12 PM
Subject: [Wireshark-users] can't load private key from /root/foo.pem
Hi there,
I'm facing the following error when adding a private key to the "RSA key list" field on Wireshark preferences.
can't load private key from /root/foo.pem
The key was generated by $JAVA_HOME/bin/keytool and then I used the following commands to export it to a PEM format
keytool -importkeystore -srckeystore .keystore -destkeystore foo.p12 -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in foo.p12 -out foo.pem
My question is how can I find out what is going on? Is there any debug flag that I can use to help me find out the issue?
Thanks in advance
Thiago Moreira
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
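Added example, not part of the thread and not Wireshark's own code: a Python check of an RSA key list entry in the format Sake gives, and of the PEM block types in the key file, flagging the certificate block and the passphrase-encrypted key that `-nocerts` and `-nodes` leave out. The function names and the sample PEM text are constructed for illustration; the check inspects block labels only and does not reproduce how Wireshark loads a key.

```python
import ipaddress
import re

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")

def check_key_list_entry(entry):
    """Parse '<server-ip>,<server-port>,<protocol inside ssl>,<key-file-location>'."""
    parts = [p.strip() for p in entry.split(",", 3)]
    if len(parts) != 4 or not all(parts):
        raise ValueError("expected 4 comma-separated fields: %r" % entry)
    ip, port, protocol, key_file = parts
    ipaddress.ip_address(ip)          # raises ValueError on a malformed address
    if not 1 <= int(port) <= 65535:   # int() raises ValueError on a non-numeric port
        raise ValueError("port out of range: %s" % port)
    return {"ip": ip, "port": int(port), "protocol": protocol, "key_file": key_file}

def check_pem_text(text):
    """Return a list of findings about the PEM blocks in a key file's text."""
    lines = text.splitlines()
    labels, legacy_encrypted = [], False
    for i, line in enumerate(lines):
        m = PEM_BEGIN.match(line)
        if not m:
            continue  # skips the "Bag Attributes" preamble and base64 body lines
        labels.append(m.group(1))
        # The traditional OpenSSL key format marks encryption in a header line.
        if i + 1 < len(lines) and lines[i + 1].startswith("Proc-Type: 4,ENCRYPTED"):
            legacy_encrypted = True
    findings = []
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append("no private key block")
    if any(label.endswith("CERTIFICATE") for label in labels):
        findings.append("contains a certificate block")
    if "ENCRYPTED PRIVATE KEY" in labels or legacy_encrypted:
        findings.append("private key is passphrase-encrypted")
    return findings

# Constructed samples; the base64 body is a placeholder, not key material.
BODY = "Q09OU1RSVUNURUQ=\n"
MIXED_PEM = ("Bag Attributes\n    friendlyName: foo\n"
             "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY +
             "-----END ENCRYPTED PRIVATE KEY-----\n"
             "-----BEGIN CERTIFICATE-----\n" + BODY +
             "-----END CERTIFICATE-----\n")
KEY_ONLY_PEM = "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_key_list_entry("10.0.0.1,8443,http,/root/foo.pem"))
    print(check_pem_text(MIXED_PEM))     # shape of pkcs12 output without -nodes -nocerts
    print(check_pem_text(KEY_ONLY_PEM))  # shape of pkcs12 output with -nodes -nocerts
```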