Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL: key exchange 0 different from KEX_RSA (16)

From: Sake Blok <sake () euronet nl>
Date: Mon, 5 Jul 2010 20:56:31 +0200
On 5 jul 2010, at 16:29, Guy Deffaux wrote:


---> ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA 
(16) <---


This means wireshark does not see a RSA key exchange and is therefore not able to do decryption based on the servers 
private key. If you take a look at the ServerHello message, you can see that a DH cipher has been chosen:

Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

(notice the _DHE_)

When a DH cipher is used, the keying material is not encrypted with the servers public key (which can be decrypted with 
the servers private key), but with dynamically generated keys which are only (temporarily) known to the client and the 
server. Wireshark is not able to decrypt that.

You can use "--ciphers RSA" with curl to make it only use RSA ciphers. See the manual page for more details.

Hope this helps,
Cheers,


Sake


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: