yet another failure to decrypt (tunneled) SSL traffic

[rouli <rouli.net () gmail com>]

Hi folks,
Searching in the archives I saw that many have encountered similar problems,
but yet I wasn't able to find a resolution.
In the attached file you can find the a pcap containing tunneled ssl traffic
over http (over port 8888) the private encryption key and the full ssl debug
log file. Wireshark just to decrypt any of the application block, but maybe
I'm missing something. In the configuration I have added 8888 as a http
port, and "10.0.0.52,8888,http,c:\temp\charles.key" under ssl.
In the ssl debug log I get the following interesting errors:

ssl_generate_keyring_material not enough data to generate key (0x17 required
0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material

ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: decrypted data is too long ?!? (256 max 128)
ssl_decrypt_pre_master_secret wrong pre_master_secret length (0, expected
48)
dissect_ssl3_handshake can't decrypt pre master secret


If any one could crack the code, s/he would not only have my eternal
gratitude but would also be able to see my encrypted data (* that may or may
not be interesting and useful for evil purposes).

Thanks,
-r

Attachment: charles.zip
Description:

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe