Wireshark-bugs: [Wireshark-bugs] [Bug 4321] New: SSL module unable to support low grade crypto

Date: Thu, 10 Dec 2009 16:00:59 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4321

           Summary: SSL module unable to support low grade crypto
           Product: Wireshark
           Version: 1.0.3
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: peter.lambrechtsen@xxxxxx


Build Information:
Version 1.0.3 (SVN Rev 26134)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows Server 2003 Service Pack 2, build 3790, with WinPcap version
4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When using low-grade crypto across an SSL session:

Secure Socket Layer
    SSLv2 Record Layer: Client Hello
        [Version: SSL 2.0 (0x0002)]
        Length: 50
        Handshake Message Type: Client Hello (1)
        Version: SSL 3.0 (0x0300)
        Cipher Spec Length: 9
        Session ID Length: 0
        Challenge Length: 32
        Cipher Specs (3 specs)
            Cipher Spec: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x00001b)
            Cipher Spec: TLS_DH_anon_WITH_RC4_128_MD5 (0x000018)
            Cipher Spec: TLS_DH_anon_WITH_DES_CBC_SHA (0x00001a)
        Challenge

The SSL Module doesn't support decrypting it and returns an error, as per the
ssldebug.log:


dissect_ssl enter frame #29 (first time)
  conversation = 046A23B0, ssl_session = 046A2588
dissect_ssl3_record found version 0x0300 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 42 ssl, state 0x11
association_find: TCP port 636 found 03E473B0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 38 bytes, remaining 47
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x001A -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 267 ssl, state 0x17
association_find: TCP port 636 found 03E473B0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 52 length 263 bytes, remaining 319
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 4 ssl, state 0x17
association_find: TCP port 636 found 03E473B0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 324 length 0 bytes, remaining 328

dissect_ssl enter frame #31 (first time)
  conversation = 046A23B0, ssl_session = 046A2588
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 134 ssl, state 0x17
association_find: TCP port 64509 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x17
ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16)
dissect_ssl3_handshake can't decrypt pre master secret

I will look to create a new self-signed certificate and replicate with relevant
traces.

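Added example (not part of the original bug report and not Wireshark code): a small triage script over ssldebug.log lines like those quoted above, which pulls out the negotiated suite and the reasons the dissector had no decoder. The suite table holds only the three suites from the Client Hello in the report; the function name, report fields and finding texts are assumptions made for illustration.

```python
import re

# Only the three suites offered in the Client Hello shown in the report.
SUITES = {
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x001A: "TLS_DH_anon_WITH_DES_CBC_SHA",
    0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
}

# Constructed sample: a subset of the ssldebug.log lines quoted in the report.
SAMPLE_LOG = """\
dissect_ssl enter frame #29 (first time)
dissect_ssl3_hnd_srv_hello found CIPHER 0x001A -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #31 (first time)
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x17
ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16)
dissect_ssl3_handshake can't decrypt pre master secret
"""

FRAME = re.compile(r"dissect_ssl enter frame #(\d+)")
CIPHER = re.compile(r"found CIPHER (0x[0-9A-Fa-f]{4})")
# "diferent" is spelled this way in the log itself.
KEX = re.compile(r"key (\d+) diferent from KEX_RSA\((\d+)\)")


def triage(log_text):
    """Return the negotiated suite and the reasons decryption was impossible."""
    report = {"suite": None, "kex": None, "no_decoder_frames": [], "findings": []}
    frame = None
    for line in log_text.splitlines():
        if m := FRAME.search(line):
            frame = int(m.group(1))
        elif m := CIPHER.search(line):
            report["suite"] = SUITES.get(int(m.group(1), 16), m.group(1))
        elif m := KEX.search(line):
            report["kex"] = int(m.group(1))
            report["findings"].append(
                "key exchange is not RSA: an RSA private key cannot recover the pre-master secret")
        elif "no decoder available" in line and frame not in report["no_decoder_frames"]:
            report["no_decoder_frames"].append(frame)
    suite = report["suite"] or ""
    if "_anon_" in suite:
        report["findings"].append("anonymous DH: the server is never authenticated")
    if "WITH_DES_CBC" in suite:
        report["findings"].append("single DES: 56-bit bulk cipher")
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```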