kolos_ws@xxxxxxxx wrote:
Hi Philippe,
[..]
I don't get why Wireshark cannot find the key in this case.
dissect_ssl enter frame #167 (first time)
conversation = 04804BD0, ssl_session = 04804DA8
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 927 ssl, state 0x11
association_find: TCP port 443 found 03ADCDD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 932
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes, remaining 932
dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes, remaining 932
And I don't get why there is not enough data to generate the key.
Read this email and the related thread, maybe it will help:
http://www.wireshark.org/lists/wireshark-users/201009/msg00050.html
Very interesting documentation. Certainly worth adding to the SSL wiki
page.
Is there any way I can validate that my client is using a DH algorithm?
I looked at the trace again, the thing that looks like choosing the
protocol is the following:
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
But it does not mention any protocol names. Nor does it in the debug
log.
cheers,
Philippe
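
Added example, not part of the original message or of Wireshark's code: a small parser for the SSL debug log quoted above. It reports which key exchange the ServerHello cipher ID implies and which state bits the dissector was still missing. The state bit names are an assumption based on the SSL_* flags in Wireshark's packet-ssl-utils.h; the cipher table is a small subset of the IANA registry.

```python
import re

# Constructed sample: lines copied from the debug log quoted in the message above.
SAMPLE_LOG = """\
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
"""

# Assumed bit layout of the dissector's session state (see lead-in).
STATE_BITS = {
    0x01: "CLIENT_RANDOM", 0x02: "SERVER_RANDOM", 0x04: "CIPHER",
    0x08: "HAVE_SESSION_KEY", 0x10: "VERSION", 0x20: "MASTER_SECRET",
    0x40: "PRE_MASTER_SECRET",
}

# IANA cipher suite ID -> (name, key exchange); subset for illustration.
CIPHER_SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "DHE"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
}

def decode_state(mask):
    """Return the names of the bits set in a state mask, lowest bit first."""
    return [name for bit, name in sorted(STATE_BITS.items()) if mask & bit]

def analyze(log):
    """Extract last state, required state and negotiated cipher from the log."""
    state = required = cipher = None
    for line in log.splitlines():
        if m := re.search(r"found CIPHER (0x[0-9A-Fa-f]+)", line):
            cipher = int(m.group(1), 16)
        if m := re.search(r"-> state (0x[0-9A-Fa-f]+)", line):
            state = int(m.group(1), 16)
        if m := re.search(r"\(required (0x[0-9A-Fa-f]+)\)", line):
            required = int(m.group(1), 16)
    name, kex = CIPHER_SUITES.get(cipher, ("unknown", "unknown"))
    missing = decode_state(required & ~state) if None not in (state, required) else []
    return {"cipher": name, "key_exchange": kex,
            "have": decode_state(state or 0), "missing": missing}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
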