Wireshark-bugs: [Wireshark-bugs] [Bug 6869] New: SSL decryption not work even with example captu

Date: Fri, 24 Feb 2012 12:47:08 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6869

           Summary: SSL decryption not work even with example capture file
                    and key
           Product: Wireshark
           Version: 1.6.5
          Platform: x86-64
        OS/Version: Gentoo
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: g.djavadyan@xxxxxxxxx


Created attachment 7894
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7894
Wireshark SSL debug file

Build Information:
wireshark 1.6.5 (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with GLib 2.30.2, with libpcap (version
unknown), with libz 1.2.6, with POSIX capabilities (Linux), without libpcre,
without SMI, without c-ares, without ADNS, with Lua 5.1, without Python, with
GnuTLS 2.12.16, with Gcrypt 1.5.0, without Kerberos, without GeoIP, without
PortAudio, without AirPcap.

Running on Linux 2.6.37-gentoo-r6, with libpcap version 1.2.1, with libz 1.2.6,
GnuTLS 2.12.16, Gcrypt 1.5.0.

Built using gcc 4.5.3.
--
First, I used SSL capture file of working HTTPS server traffic to debug some
HTTP problems. I used HTTPS server's PEM private key. The key loaded
successfully according to SSL debug log file. Next, Wireshark tried to decode
server's SSL packet. It found CIPHER 0x0035 (TLS_RSA_WITH_AES_256_CBC_SHA), but
complained with message 'ssl_generate_keyring_material not enough data to
generate key (0x17 required 0x37 or 0x57)'.

Then I tried to test decryption function with Wireshark's SSL example capture
file and key. SSL debug showed same results.

Debug file included. Thanks.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.