Wireshark-users: [Wireshark-users] TLS/SSL-PSK: Decryption not working
From: "Steffen K." <stkl.mail@xxxxxxxxxxxxxx>
Date: Fri, 21 Feb 2014 21:21:20 +0100
Hi,

I am trying to decrypt SSL/TLS traffic encrypted with a pre-shared key. The cipher I use is PSK-AES128-CBC-SHA. I use the built-in openssl server (s_server) and client (s_client) and it works well but traffic decryption does not work. I've already specified a ssl_debug file in wireshark and set the pre-shared key to the same I pass as an openssl argument. The ssl_debug log complains about (just an excerpt, other frames has the same error messages):
##################################
dissect_ssl enter frame #166 (first time)
ssl_session_init: initializing ptr 0000000007B521D0 size 688
  conversation = 0000000007B51B30, ssl_session = 0000000007B521D0
  record: offset = 0, reported_length_remaining = 327
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 322, ssl state 0x00
association_find: TCP port 49185 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 318 bytes, remaining 327
packet_from_server: is from server - FALSE
ssl_find_private_key server 192.168.0.146:4443
ssl_find_private_key can't find private key for this server! Try it again with universal port 0 ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
##################################
dissect_ssl enter frame #168 (first time)
  conversation = 0000000007B51B30, ssl_session = 0000000007B521D0
  record: offset = 0, reported_length_remaining = 72
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
trying to use SSL keylog in
failed to open SSL keylog
  cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello found CIPHER 0x008C -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
  record: offset = 63, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 68 length 0 bytes, remaining 72
##################################
I don't understand the errors, because if TLS-PSK is used, no private key or master-secret has to be given. Or am I completely wrong about this?

General information:
OS: Win7 64bit
Wireshark: Version 1.10.5 (SVN Rev 54262 from /trunk-1.10) (64-bit)

Thanks for any response!
- steffen