Wireshark mailing list archives

Need help with decrypting wireshark data....


From: Al <shaselai () yahoo com>
Date: Wed, 13 Oct 2010 14:13:20 -0700 (PDT)

I followed a guide where I extracted my private key and inserted it into the SSL preferences in Wireshark like:

123.456.55.678,443,http,C:\testkey.pem

I tried both http and https - I thought since I am talking to the server in https it might be https? Anyway, both failed to 
decrypt (I still see jargon raw data when I view the TCP stream). The debug log gives me:


ssl_association_remove removing TCP 443 - http handle 03164D48
ssl_init keys string:
123.456.55.678,443,http,C:\testkey.pem
ssl_init found host entry 123.456.55.678,443,http,C:\testkey.pem
ssl_init addr '123.456.55.678' port '443' filename 'C:\testkey.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 01:31:a7:9e:fc:94:8b:08:2f:17:65:13:20:f9:d3:81:...
ssl_init private key file C:\testkey.pem successfully loaded
association_add TCP port 443 protocol http handle 03164D48

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04E41BAC size 584
  conversation = 04E41868, ssl_session = 04E41BAC
  record: offset = 0, reported_length_remaining = 100
packet_from_server: is from server - FALSE
ssl_find_private_key server 123.456.55.678:443
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01
........


So it seems the key has been found and loaded, BUT when I check the STOPPED TCP stream it is still all jargon... What am 
I doing wrong here? Thanks




      
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>