Wireshark mailing list archives
Problem deciphering an openssl stream
From: Philippe Fremy <phil () freehackers org>
Date: Thu, 07 Oct 2010 13:15:13 +0200
(re-sending, it seems that my first mail did not get through)

Hi,

I tried everything I could think of, but I still can't decipher the SSL stream from my server. Any help would be really appreciated.

I am running WireShark Version 1.0.1 (SVN Rev 25639) on Windows XP.

I've got the private key of the certificate exported in the PEM format, not ciphered. It begins with:

    -----BEGIN RSA PRIVATE KEY-----
    MIICXwIBAAKBgQC6igE7s9qXN+PXa0mFQKTIrr7lZM/j+QQwd1FBK7Awy2+dTrlY

I've set Wireshark SSL to use it:

    0.0.0.0,0,http,w:\open-privatekey.pem

and a debug log file:

    d:\philippe\wireshark-ssl.log

I've captured the traffic remotely with:

    sudo tcpdump -i eth1 -s 65535 -w mysite-tcpdump.pcap

When I load it in wireshark, it's not decoded. Looking at the debug log output, I have:

    ssl_init keys string: 0.0.0.0,0,http,w:\open-privatekey.pem
    ssl_init found host entry 0.0.0.0,0,http,w:\open-privatekey.pem
    ssl_init addr '0.0.0.0' port '0' filename 'w:\open-privatekey.pem' password(only for p12 file) '(null)'
    ssl_init private key file w:\open-privatekey.pem successfully loaded
    association_add TCP port 0 protocol http handle 02C154C8
    association_find: TCP port 993 found 03B164C0
    ssl_association_remove removing TCP 993 - imap handle 02B39B88
    association_add TCP port 993 protocol imap handle 02B39B88
    association_find: TCP port 995 found 03B16500
    ssl_association_remove removing TCP 995 - pop handle 037FBA10
    association_add TCP port 995 protocol pop handle 037FBA10

For the first packets concerning my server, I get:

    dissect_ssl enter frame #166 (first time)
    ssl_session_init: initializing ptr 04804DA8 size 564
    association_find: TCP port 46705 found 00000000
    packet_from_server: is from server - FALSE
    dissect_ssl server 212.117.xx.yy:443
    dissect_ssl can't find private key for this server! Try it again with universal port 0
    dissect_ssl can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
    dissect_ssl can't find any private key!
    conversation = 04804BD0, ssl_session = 04804DA8
    client random len: 16 padded to 32

I don't get why Wireshark can not find the key in this case.

    dissect_ssl enter frame #167 (first time)
    conversation = 04804BD0, ssl_session = 04804DA8
    dissect_ssl3_record found version 0x0301 -> state 0x11
    dissect_ssl3_record: content_type 22
    decrypt_ssl3_record: app_data len 927 ssl, state 0x11
    association_find: TCP port 443 found 03ADCDD8
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 932
    dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
    dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
    dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
    dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes, remaining 932
    dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes, remaining 932

And I don't get why there is not enough data to generate the key.

Any help really welcome.

cheers,

Philippe