Wireshark-bugs: [Wireshark-bugs] [Bug 11990] New: SSL/TLSv1 Decryption and Display Issues

Date: Sun, 10 Jan 2016 02:31:09 +0000
Bug ID 11990
Summary SSL/TLSv1 Decryption and Display Issues
Product Wireshark
Version 2.0.1
Hardware x86-64
OS Windows 10
Status CONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Version 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz (with SSE4.2), with 32593MB of
physical
memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
There seem to be a few oddities around SSL/TLS1 packet decryption. This can
result in the infamous "Ignored Unknown Record" when receiving data, or out
right not displaying data that is being sent.

I've been trying to do some work on the OSCAR/AIM protocol, but since it's all
switched to SLL and TLS it was a pain to get into. Once I rebuilt a target NSS
DLL with some features to dump the pre-master key, I was able to get wireshark
to start processing the details. My details and speculation of the issue
follow:

It seems that when the client sends multiple records in the same frame, that
Wireshark can get confused. Immediately after the key exchange, I can see
decrypted data sent by the client, similar to this:

------> Frame #33 <------

dissect_ssl enter frame #33 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 89
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 84, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 84
Ciphertext[84]:
| 2f 2b 68 31 c7 ff 6a 63 54 54 14 9c 9f e4 76 f1 |/+h1..jcTT....v.|
| c3 fb 69 38 e0 cd bf bc 8b 32 94 de c4 d3 7e 93 |..i8.....2....~.|
| 0b 73 ec 6d 8d af c6 02 b0 77 da 3c 28 0a 96 43 |.s.m.....w.<(..C|
| 38 3f 14 f8 70 e6 3f 99 39 e4 ad 27 91 f7 df cf |8?..p.?.9..'....|
| cc 33 7c f4 d4 88 1d 46 f3 b4 e8 25 46 b7 ba b7 |.3|....F...%F...|
| f4 7c 99 bf                                     |.|..            |
Plaintext[84]:
| 2a 02 74 19 00 3e 00 01 00 17 00 00 00 00 00 17 |*.t..>..........|
| 00 22 00 01 00 01 00 04 00 24 00 01 00 13 00 03 |.".......$......|
| 00 02 00 01 00 25 00 01 00 03 00 01 00 15 00 01 |.....%..........|
| 00 04 00 01 00 06 00 01 00 09 00 01 00 0a 00 01 |................|
| 00 0b 00 01 ea dc 22 61 18 e6 9b 51 92 b4 bc 63 |......"a...Q...c|
| da a5 18 c8                                     |....            |
checking mac (len 68, version 301, ct 23 seq 2)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| ea dc 22 61 18 e6 9b 51 92 b4 bc 63 da a5 18 c8 |.."a...Q...c....|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 68, seq = 493, nxtseq = 561
dissect_ssl3_record decrypted len 68
decrypted app data fragment[68]:
| 2a 02 74 19 00 3e 00 01 00 17 00 00 00 00 00 17 |*.t..>..........|
| 00 22 00 01 00 01 00 04 00 24 00 01 00 13 00 03 |.".......$......|
| 00 02 00 01 00 25 00 01 00 03 00 01 00 15 00 01 |.....%..........|
| 00 04 00 01 00 06 00 01 00 09 00 01 00 0a 00 01 |................|
| 00 0b 00 01                                     |....            |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE

------> End Frame #33 <------

This process continues back and forth with the OSCAR protocol. Wireshark
incorrectly identified the sub-dissector as HTTP, but I can't find a way to
change that. It is over port 443, but the message is clearly a FLAP format.
It'd be nice if that were an option to change, but for the moment I can decode
that by hand.

At some point, the client sends frame 39, which is a complete TLSv1 record, but
for some reason wireshark is displaying [SSL segment of a reassembled PDU] in
the info field. This seems a bit odd, since the PDU doesn't seem to be
reassembled, although it could be related to the fact that the last ACK was a
naked ACK over TCP, so perhaps it's treating it as reassembled with the naked
ACK. In either case, here's the packet:

------> Frame #39 <------

dissect_ssl enter frame #39 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 47
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 42, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 42
Ciphertext[42]:
| 3f ba 76 47 4d e0 63 c6 1b 5d 67 be 4e a2 dd 92 |?.vGM.c..]g.N...|
| cb c5 15 81 f3 a7 30 d8 b5 30 b8 b6 92 21 2e 6f |......0..0...!.o|
| 0a 77 1a d6 fa 27 d0 d3 2f 66                   |.w...'../f      |
Plaintext[42]:
| 2a 02 74 1b 00 14 00 01 00 08 00 00 00 00 00 08 |*.t.............|
| 00 01 00 02 00 03 00 04 00 05 e9 b8 20 ad 1b b8 |............ ...|
| 8c b9 c2 e0 b4 3b e7 3f b1 ba                   |.....;.?..      |
checking mac (len 26, version 301, ct 23 seq 4)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| e9 b8 20 ad 1b b8 8c b9 c2 e0 b4 3b e7 3f b1 ba |.. ........;.?..|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 26, seq = 577, nxtseq = 603
dissect_ssl3_record decrypted len 26
decrypted app data fragment[26]:
| 2a 02 74 1b 00 14 00 01 00 08 00 00 00 00 00 08 |*.t.............|
| 00 01 00 02 00 03 00 04 00 05                   |..........      |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE

------> End Frame #39 <------

The client shows that it's decoded properly in the interface, but it also shows
a new entry in the tree of "SSL segment data (26 bytes)" which none of the
previous entries had. This segment data shows the app data fragment you see in
the packet capture above.  It may just be a consistency issue that it's not
being displayed on the other packets, or perhaps falsely displayed here. Either
way, it still shows the expected "Decrypted SSL data" tab at the bottom of the
inspector window.

Frame #41 is now sent to the server, and this is where things get..
interesting. It would seem that this frame contains multiple TLSv1 records in
it. The info field for this frame reads "Application Data[SSL segment of a
reassembled PDU], Application Data, Application Data, Application Data,
Application Data, Application Data". There appear to be a total of 7 records in
this frame. The first 4 show in the GUI tree as a record with a "SSL segment
data" block directly underneath each that contains the plaintext. The next
three records have no entry underneath them with the plaintext. At the bottom
of the tree are two entries for "3 reassembled SSL segments (60 bytes)" which
contain the same three segments from this very frame. I'm not sure why it's
listed twice, but it is. Then, it conclude with a 2 segment entry for "2
reassembled SSL segments (42 bytes)", that lists a segment from frame #39
(above), and also a 16 byte segment from this frame (the first segment). The
repeated entries I mentioned for the 3 segments, seem to be the next 3 segments
after the first that show up. So, the segments 4-7 aren't decoded in the tree
anywhere, HOWEVER, they are decoded in tabs at the bottom of the inspector as
"Decrypted SSL data". Also, intermixed with those tabs are three "Reassembled
SSL" entries, in reverse order from what was presented in the tree above (the
last entry in the tree is the left-most entry in the tab list, which seems
odd).

I've pasted the frame below:

------> Frame #41 <------

dissect_ssl enter frame #41 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 318
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| f0 7b ab df 6d 6c 9b 49 26 8a 77 bb c3 d1 13 a2 |.{..ml.I&.w.....|
| 9a 31 3d db 84 0c fa 5a a8 07 2b bb 7a 3f c5 2b |.1=....Z..+.z?.+|
Plaintext[32]:
| 2a 02 74 1c 00 0a 00 01 00 0e 00 00 01 0e 00 0e |*.t.............|
| 23 58 b4 c2 47 2c 6f 66 65 e3 33 9a 55 69 45 c7 |#X..G,ofe.3.UiE.|
checking mac (len 16, version 301, ct 23 seq 5)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 23 58 b4 c2 47 2c 6f 66 65 e3 33 9a 55 69 45 c7 |#X..G,ofe.3.UiE.|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 16, seq = 603, nxtseq = 619
dissect_ssl3_record decrypted len 16
decrypted app data fragment[16]:
| 2a 02 74 1c 00 0a 00 01 00 0e 00 00 01 0e 00 0e |*.t.............|
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 37, reported_length_remaining = 281
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 38, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 38
Ciphertext[38]:
| d1 6b 57 d5 be 09 00 1f 49 d1 3a a7 f1 29 7f ee |.kW.....I.:..)..|
| 8a bd e4 1b 21 27 d3 51 e1 5a ae 95 79 63 43 a2 |....!'.Q.Z..ycC.|
| 2f ad ae b1 52 bb                               |/...R.          |
Plaintext[38]:
| 2a 02 74 1d 00 10 00 13 00 02 00 00 00 00 00 02 |*.t.............|
| 00 0b 00 02 00 fd 1e bb 97 84 76 44 37 64 d5 77 |..........vD7d.w|
| f0 47 6e a9 5f 78                               |.Gn._x          |
checking mac (len 22, version 301, ct 23 seq 6)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 1e bb 97 84 76 44 37 64 d5 77 f0 47 6e a9 5f 78 |....vD7d.w.Gn._x|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 22, seq = 619, nxtseq = 641
dissect_ssl3_record decrypted len 22
decrypted app data fragment[22]:
| 2a 02 74 1d 00 10 00 13 00 02 00 00 00 00 00 02 |*.t.............|
| 00 0b 00 02 00 fd                               |......          |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 80, reported_length_remaining = 238
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 38, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 38
Ciphertext[38]:
| 1f cd b9 fb 8f 93 21 79 a0 8e 35 cb 03 ae a3 90 |......!y..5.....|
| 72 a6 1c f9 8b 91 6d 13 4e 87 6f 09 2c 61 73 52 |r.....m.N.o.,asR|
| 1e 9e f1 bc 62 9c                               |....b.          |
Plaintext[38]:
| 2a 02 74 1e 00 10 00 13 00 05 00 00 7f 42 00 05 |*.t..........B..|
| 56 91 a8 e4 00 1a 6b fe 99 ed 83 69 93 6c a7 6e |V.....k....i.l.n|
| 83 f7 a2 39 7d 0e                               |...9}.          |
checking mac (len 22, version 301, ct 23 seq 7)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 6b fe 99 ed 83 69 93 6c a7 6e 83 f7 a2 39 7d 0e |k....i.l.n...9}.|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 22, seq = 641, nxtseq = 663
dissect_ssl3_record decrypted len 22
decrypted app data fragment[22]:
| 2a 02 74 1e 00 10 00 13 00 05 00 00 7f 42 00 05 |*.t..........B..|
| 56 91 a8 e4 00 1a                               |V.....          |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 123, reported_length_remaining = 195
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| ba dd 55 56 75 23 d7 3a ed ac f0 ad b0 76 e0 f3 |..UVu#.:.....v..|
| 67 ab cf c8 b8 77 fd b7 2e c1 1c 0d b5 e0 e1 22 |g....w........."|
Plaintext[32]:
| 2a 02 74 1f 00 0a 00 02 00 02 00 00 00 00 00 02 |*.t.............|
| d6 f5 0d c0 e6 fc 57 7a fa c1 9d b5 f7 32 a7 31 |......Wz.....2.1|
checking mac (len 16, version 301, ct 23 seq 8)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| d6 f5 0d c0 e6 fc 57 7a fa c1 9d b5 f7 32 a7 31 |......Wz.....2.1|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 16, seq = 663, nxtseq = 679
dissect_ssl3_record decrypted len 16
decrypted app data fragment[16]:
| 2a 02 74 1f 00 0a 00 02 00 02 00 00 00 00 00 02 |*.t.............|
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 160, reported_length_remaining = 158
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 79, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 79
Ciphertext[79]:
| e9 85 70 c8 d4 fe 3d 5b f8 32 30 7a 72 d6 0d 65 |..p...=[.20zr..e|
| 17 9b 4b 3f b4 95 74 0c fd af b7 fb e7 42 4f c6 |..K?..t......BO.|
| 7d 71 25 ad 28 aa 12 19 e5 bd 01 37 16 68 fa c7 |}q%.(......7.h..|
| 80 c9 54 66 97 89 33 53 fb b8 d5 a0 76 43 e8 99 |..Tf..3S....vC..|
| de 74 b4 32 ed 83 05 2e 51 50 34 74 64 22 42    |.t.2....QP4td"B |
Plaintext[79]:
| 2a 02 74 20 00 39 00 03 00 02 00 00 00 00 00 02 |*.t .9..........|
| 00 05 00 02 00 17 00 06 00 03 00 00 00 00 07 00 |................|
| 01 00 00 08 00 01 01 00 0a 00 14 00 02 00 08 66 |...............f|
| 61 63 65 62 6f 6f 6b 00 06 67 6f 6f 67 6c 65 51 |acebook..googleQ|
| f7 69 a6 57 72 d7 51 0b 5f 0f c3 e3 54 fd 1c    |.i.Wr.Q._...T.. |
checking mac (len 63, version 301, ct 23 seq 9)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 51 f7 69 a6 57 72 d7 51 0b 5f 0f c3 e3 54 fd 1c |Q.i.Wr.Q._...T..|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 63, seq = 679, nxtseq = 742
dissect_ssl3_record decrypted len 63
decrypted app data fragment[63]:
| 2a 02 74 20 00 39 00 03 00 02 00 00 00 00 00 02 |*.t .9..........|
| 00 05 00 02 00 17 00 06 00 03 00 00 00 00 07 00 |................|
| 01 00 00 08 00 01 01 00 0a 00 14 00 02 00 08 66 |...............f|
| 61 63 65 62 6f 6f 6b 00 06 67 6f 6f 67 6c 65    |acebook..google |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 244, reported_length_remaining = 74
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| 10 c3 5f 46 e7 95 26 4f 82 4e 29 6a c8 ef e5 a0 |.._F..&O.N)j....|
| 58 ff ee 6a 76 af 3a 6a f8 64 41 b6 1a fe ce 61 |X..jv.:j.dA....a|
Plaintext[32]:
| 2a 02 74 21 00 0a 00 04 00 04 00 00 00 00 00 04 |*.t!............|
| e4 86 00 85 aa cd 1c 70 28 43 24 6a 46 ce 64 9d |.......p(C$jF.d.|
checking mac (len 16, version 301, ct 23 seq 10)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| e4 86 00 85 aa cd 1c 70 28 43 24 6a 46 ce 64 9d |.......p(C$jF.d.|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 16, seq = 742, nxtseq = 758
dissect_ssl3_record decrypted len 16
decrypted app data fragment[16]:
| 2a 02 74 21 00 0a 00 04 00 04 00 00 00 00 00 04 |*.t!............|
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 281, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| 5f d2 b7 ca af db 50 47 f4 5a 45 d2 67 0c 5a 81 |_.....PG.ZE.g.Z.|
| f7 b0 0c d9 6d 93 73 55 5d f8 98 f2 c0 06 b1 9e |....m.sU].......|
Plaintext[32]:
| 2a 02 74 22 00 0a 00 09 00 02 00 00 00 00 00 02 |*.t"............|
| 59 43 3d c8 ab 02 74 28 93 dc 39 8b a2 f1 85 14 |YC=...t(..9.....|
checking mac (len 16, version 301, ct 23 seq 11)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 59 43 3d c8 ab 02 74 28 93 dc 39 8b a2 f1 85 14 |YC=...t(..9.....|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 16, seq = 758, nxtseq = 774
dissect_ssl3_record decrypted len 16
decrypted app data fragment[16]:
| 2a 02 74 22 00 0a 00 09 00 02 00 00 00 00 00 02 |*.t"............|
process_ssl_payload: found handle 0000000006234800 (http)

------> End Frame #41 <------

As you can tell, all 7 records seem to be decoded properly. The display of the
data is pretty random as to what you get in the UI, but you can piece through
it with a bit of effort.

As we go down the list, frame #45 seems to be another naked ACK, but frame #46
doesn't display as a [SSL segment of a reassembled PDU] in comparison to frame
#33 above. Again, not a huge deal, but something odd. Frame #46 only shows the
one record in the "Decrypted SSL data" tab in the inspector. There is no entry
in the tree to read the data.

------> End Frame #46 <------

dissect_ssl enter frame #46 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| fd ff fd e6 0d 6f 41 50 8a 71 b3 51 15 e8 bf e4 |.....oAP.q.Q....|
| dd 76 0a 3d a7 d7 5f 91 34 3d de e0 e2 a8 c2 a5 |.v.=.._.4=......|
Plaintext[32]:
| 2a 02 74 23 00 0a 00 13 00 07 00 00 00 00 00 07 |*.t#............|
| 85 d3 7e eb ab ff 8e 3a dd 22 88 62 41 37 6f 82 |..~....:.".bA7o.|
checking mac (len 16, version 301, ct 23 seq 12)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 85 d3 7e eb ab ff 8e 3a dd 22 88 62 41 37 6f 82 |..~....:.".bA7o.|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 16, seq = 774, nxtseq = 790
dissect_ssl3_record decrypted len 16
decrypted app data fragment[16]:
| 2a 02 74 23 00 0a 00 13 00 07 00 00 00 00 00 07 |*.t#............|
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE


------> End Frame #46 <------

We're still generally okay with the decryption, but frame #49 comes along and
we discover that it's an awful lot like #41. However, this time we don't get
all the records decoded. There are 7 records located in this frame. The first
record's data is 308 bytes long, which decodes into 292 bytes of data. The
second is 48 bytes of encrypted data, decoded into 32. The next is 40 decoded
into 24. The fourth is 136 decoded into 120, and the fifth is 34 into 18.

Why did I stop at five and not go to 6 or 7? There's no more info in the logs
to tell me. The UI says there's two more records at length 79 and 59, but the
debug log has no more entries after that. In addition, the tabs at the bottom
showing decrypted SSL data only count up to 5, matching the ones above (even
though out of order). The last two records are just missing from the decoding.

------> Frame #49 <------

dissect_ssl enter frame #49 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 739
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 308, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 308
Ciphertext[308]:
| 07 a8 33 ad 0f 99 67 a8 a2 d7 5f 7a 95 7d d0 64 |..3...g..._z.}.d|
| 62 46 86 a9 d5 cb ed 86 48 98 b9 75 5f df 9e 19 |bF......H..u_...|
| c6 6c 2c 14 07 b4 8b e8 bc 2e 46 8f 36 35 ee 14 |.l,.......F.65..|
| dc 42 6c 48 ac 6e 62 a8 c3 ea 3c b0 3b 89 b5 2c |.BlH.nb...<.;..,|
| 19 73 53 5b a2 eb 3a 26 c9 de 3b 64 58 9d 0f b5 |.sS[..:&..;dX...|
| b5 14 8c 62 1e cb c9 33 fe ef a2 10 fe 79 cf 9f |...b...3.....y..|
| 68 e1 ab f0 f7 fe 94 b0 fd bb 22 64 20 2a e3 a7 |h........."d *..|
| 58 96 d2 af c3 80 45 68 5a a1 0c 4b 66 07 0f bf |X.....EhZ..Kf...|
| a6 3c 13 63 1a 4f d6 11 ed c4 36 a4 c9 cc 69 04 |.<.c.O....6...i.|
| c3 d7 25 0b 12 b9 0b 95 b1 ad 6c 81 d4 86 4f 35 |..%.......l...O5|
| 02 29 6d 42 eb cf 53 9e 9a f7 24 32 4e cd 29 b0 |.)mB..S...$2N.).|
| 55 7c a7 b6 3a dd 22 32 67 9f 19 f1 3b eb 02 9b |U|..:."2g...;...|
| 45 e4 e5 2e a6 16 a3 5c 21 42 43 ce c2 1b 0a f1 |E......\!BC.....|
| 5e 59 46 9e 66 77 19 01 04 97 9a f2 24 50 a8 fe |^YF.fw......$P..|
| 28 56 db 7b fe f4 7f 61 b2 5d 68 47 df fa 0e d8 |(V.{...a.]hG....|
| 76 0e f1 cf f5 02 10 49 4e 6e c6 50 f7 a5 b3 cc |v......INn.P....|
| 35 44 af bd 7f bc b0 51 f1 28 db 80 1a 07 c9 dc |5D.....Q.(......|
| 6d 26 e6 95 2d de f9 32 b4 15 92 6e c6 80 6e 20 |m&..-..2...n..n |
| ad 90 00 f4 08 4b c1 af df f7 11 61 fe eb ad 5b |.....K.....a...[|
| 1b d8 af 92                                     |....            |
Plaintext[308]:
| 2a 02 74 24 01 1e 00 02 00 04 00 00 00 00 00 04 |*.t$............|
| 00 05 01 10 09 46 01 0a 4c 7f 11 d1 82 22 44 45 |.....F..L...."DE|
| 53 54 00 00 09 46 01 0b 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 45 4c 7f 11 d1 82 22 44 45 |ST...F.EL...."DE|
| 53 54 00 00 09 46 01 ff 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 74 8f 24 20 62 87 11 d1 82 22 44 45 |ST..t.$ b...."DE|
| 53 54 00 00 09 46 13 43 4c 7f 11 d1 82 22 44 45 |ST...F.CL...."DE|
| 53 54 00 00 09 46 13 41 4c 7f 11 d1 82 22 44 45 |ST...F.AL...."DE|
| 53 54 00 00 09 46 01 04 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 05 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 00 00 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 03 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 01 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 4d 4c 7f 11 d1 82 22 44 45 |ST...F.ML...."DE|
| 53 54 00 00 09 46 13 4a 4c 7f 11 d1 82 22 44 45 |ST...F.JL...."DE|
| 53 54 00 00 09 46 01 0f 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 0d 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 46 4c 7f 11 d1 82 22 44 45 |ST...F.FL...."DE|
| 53 54 00 00 39 62 e3 62 ab 2e ee d9 41 b3 dc 30 |ST..9b.b....A..0|
| e5 12 89 82                                     |....            |
checking mac (len 292, version 301, ct 23 seq 13)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 39 62 e3 62 ab 2e ee d9 41 b3 dc 30 e5 12 89 82 |9b.b....A..0....|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 292, seq = 790, nxtseq = 1082
dissect_ssl3_record decrypted len 292
decrypted app data fragment[292]:
| 2a 02 74 24 01 1e 00 02 00 04 00 00 00 00 00 04 |*.t$............|
| 00 05 01 10 09 46 01 0a 4c 7f 11 d1 82 22 44 45 |.....F..L...."DE|
| 53 54 00 00 09 46 01 0b 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 45 4c 7f 11 d1 82 22 44 45 |ST...F.EL...."DE|
| 53 54 00 00 09 46 01 ff 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 74 8f 24 20 62 87 11 d1 82 22 44 45 |ST..t.$ b...."DE|
| 53 54 00 00 09 46 13 43 4c 7f 11 d1 82 22 44 45 |ST...F.CL...."DE|
| 53 54 00 00 09 46 13 41 4c 7f 11 d1 82 22 44 45 |ST...F.AL...."DE|
| 53 54 00 00 09 46 01 04 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 05 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 00 00 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 03 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 01 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 4d 4c 7f 11 d1 82 22 44 45 |ST...F.ML...."DE|
| 53 54 00 00 09 46 13 4a 4c 7f 11 d1 82 22 44 45 |ST...F.JL...."DE|
| 53 54 00 00 09 46 01 0f 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 01 0d 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE|
| 53 54 00 00 09 46 13 46 4c 7f 11 d1 82 22 44 45 |ST...F.FL...."DE|
| 53 54 00 00                                     |ST..            |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 313, reported_length_remaining = 426
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 48, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 48
Ciphertext[48]:
| e9 9c 47 1e 62 07 8e 9b 3d 46 00 3d 32 96 f2 a5 |..G.b...=F.=2...|
| 63 db dc 15 d1 a7 1c 54 c7 4e 51 62 eb 7a 97 b5 |c......T.NQb.z..|
| 20 75 6e bd c4 34 61 5c 66 60 1e b4 f9 61 50 46 | un..4a\f`...aPF|
Plaintext[48]:
| 2a 02 74 25 00 1a 00 04 00 02 00 00 00 00 00 02 |*.t%............|
| 00 00 00 00 03 db 1f 40 03 e7 03 e7 00 00 00 00 |.......@........|
| 5a d1 36 d5 98 f7 7b 0c 3d 39 89 49 58 23 73 6b |Z.6...{.=9.IX#sk|
checking mac (len 32, version 301, ct 23 seq 14)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 5a d1 36 d5 98 f7 7b 0c 3d 39 89 49 58 23 73 6b |Z.6...{.=9.IX#sk|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 32, seq = 1082, nxtseq = 1114
dissect_ssl3_record decrypted len 32
decrypted app data fragment[32]:
| 2a 02 74 25 00 1a 00 04 00 02 00 00 00 00 00 02 |*.t%............|
| 00 00 00 00 03 db 1f 40 03 e7 03 e7 00 00 00 00 |.......@........|
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 366, reported_length_remaining = 373
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 40, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 40
Ciphertext[40]:
| 70 0c 5a 58 23 13 6e 32 54 fa 5c 3d ab 46 32 76 |p.ZX#.n2T.\=.F2v|
| 93 c8 8a 18 e8 d1 04 40 6e b0 08 3d d1 dd 0d c2 |.......@n..=....|
| 48 4b 20 f5 a4 85 cd 6a                         |HK ....j        |
Plaintext[40]:
| 2a 02 74 26 00 12 00 01 00 1e 00 00 00 00 00 1e |*.t&............|
| 00 06 00 04 00 00 00 00 25 4b ed a7 57 44 49 99 |........%K..WDI.|
| 03 b3 e3 44 ef 3f ca f0                         |...D.?..        |
checking mac (len 24, version 301, ct 23 seq 15)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 25 4b ed a7 57 44 49 99 03 b3 e3 44 ef 3f ca f0 |%K..WDI....D.?..|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 24, seq = 1114, nxtseq = 1138
dissect_ssl3_record decrypted len 24
decrypted app data fragment[24]:
| 2a 02 74 26 00 12 00 01 00 1e 00 00 00 00 00 1e |*.t&............|
| 00 06 00 04 00 00 00 00                         |........        |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 411, reported_length_remaining = 328
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 136, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 136
Ciphertext[136]:
| 1f ba a5 f4 2a 68 46 e6 2d 41 8a f0 43 74 e1 87 |....*hF.-A..Ct..|
| 26 74 1d 7d 59 1d 10 a1 4d d4 4c 69 9b 32 d0 8e |&t.}Y...M.Li.2..|
| 5a 0f f3 07 e3 e5 3c 91 90 54 76 fd 1c f5 68 18 |Z.....<..Tv...h.|
| a6 45 52 f7 48 ec f3 a9 f4 79 d3 21 83 ff 56 69 |.ER.H....y.!..Vi|
| 04 59 e0 dc cd 58 34 ed 11 4e 13 55 af 52 c1 9b |.Y...X4..N.U.R..|
| 20 59 db cb 00 49 6b 81 1f 89 15 b9 e3 fb 2f f2 | Y...Ik......./.|
| 1b b8 5b 26 0b 5b 4d 67 8a 00 7b 19 19 c9 9f 4c |..[&.[Mg..{....L|
| a0 4e 4a e3 2a 76 91 69 f9 8e 7c ac e1 ce 95 38 |.NJ.*v.i..|....8|
| 7d 7c 86 34 b3 36 e1 de                         |}|.4.6..        |
Plaintext[136]:
| 2a 02 74 27 00 72 00 01 00 02 00 00 00 00 00 02 |*.t'.r..........|
| 00 22 00 01 01 10 19 d8 00 01 00 04 01 10 19 d8 |."..............|
| 00 24 00 01 01 10 19 d8 00 13 00 03 01 10 19 d8 |.$..............|
| 00 02 00 01 01 10 19 d8 00 25 00 01 01 10 19 d8 |.........%......|
| 00 03 00 01 01 10 19 d8 00 15 00 01 01 10 19 d8 |................|
| 00 04 00 01 01 10 19 d8 00 06 00 01 01 10 19 d8 |................|
| 00 09 00 01 01 10 19 d8 00 0a 00 01 01 10 19 d8 |................|
| 00 0b 00 01 01 10 19 d8 9d 75 c6 1f a8 f6 9f 3b |.........u.....;|
| 72 46 a6 39 e3 cb fc 7f                         |rF.9....        |
checking mac (len 120, version 301, ct 23 seq 16)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 9d 75 c6 1f a8 f6 9f 3b 72 46 a6 39 e3 cb fc 7f |.u.....;rF.9....|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 120, seq = 1138, nxtseq = 1258
dissect_ssl3_record decrypted len 120
decrypted app data fragment[120]:
| 2a 02 74 27 00 72 00 01 00 02 00 00 00 00 00 02 |*.t'.r..........|
| 00 22 00 01 01 10 19 d8 00 01 00 04 01 10 19 d8 |."..............|
| 00 24 00 01 01 10 19 d8 00 13 00 03 01 10 19 d8 |.$..............|
| 00 02 00 01 01 10 19 d8 00 25 00 01 01 10 19 d8 |.........%......|
| 00 03 00 01 01 10 19 d8 00 15 00 01 01 10 19 d8 |................|
| 00 04 00 01 01 10 19 d8 00 06 00 01 01 10 19 d8 |................|
| 00 09 00 01 01 10 19 d8 00 0a 00 01 01 10 19 d8 |................|
| 00 0b 00 01 01 10 19 d8                         |........        |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE
  record: offset = 552, reported_length_remaining = 187
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 34, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 34
Ciphertext[34]:
| 4c 6d ff df 47 17 07 81 e5 e0 4c 93 00 a0 17 8d |Lm..G.....L.....|
| b8 3f 50 3e 3f 27 fc 6c e7 1a c2 09 97 ab cf 43 |.?P>?'.l.......C|
| 09 21                                           |.!              |
Plaintext[34]:
| 2a 02 74 28 00 0c 00 01 00 04 00 00 12 7f 00 04 |*.t(............|
| 00 18 3b 02 26 8f 2f b3 48 0e b5 e3 9e cc 97 11 |..;.&./.H.......|
| c7 89                                           |..              |
checking mac (len 18, version 301, ct 23 seq 17)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 3b 02 26 8f 2f b3 48 0e b5 e3 9e cc 97 11 c7 89 |;.&./.H.........|
ssl_decrypt_record: mac ok
ssl_add_data_info: new data inserted data_len = 18, seq = 1258, nxtseq = 1276
dissect_ssl3_record decrypted len 18
decrypted app data fragment[18]:
| 2a 02 74 28 00 0c 00 01 00 04 00 00 12 7f 00 04 |*.t(............|
| 00 18                                           |..              |
process_ssl_payload: found handle 0000000006234800 (http)
packet_from_server: is from server - FALSE

------> End Frame #49 <------

After this point, the next outbound frame #63 shows a "mac failed" and doesn't
decode the data. I suspect that since the decryption stream is out of sync,
it's never going to decode any more outbound frames.

------> Frame #63 <------

dissect_ssl enter frame #63 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000000045A59B0, ssl_session = 00000000045A61B0
  record: offset = 0, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x23F
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
ssl_decrypt_record ciphertext len 32
Ciphertext[32]:
| ac 67 15 e7 2b 8f 0c 10 21 a0 6f 70 c0 55 2e 8f |.g..+...!.op.U..|
| d6 8f 5c 79 7f a2 28 c5 61 0d 78 c6 f8 9a bc 56 |..\y..(.a.x....V|
Plaintext[32]:
| 83 21 10 3a 4d 62 54 ec 33 67 21 b2 fe cd b5 00 |.!.:MbT.3g!.....|
| 3b 92 15 05 d1 f6 36 a7 8c c3 5d 4d 0d 5b 7a a0 |;.....6...]M.[z.|
checking mac (len 16, version 301, ct 23 seq 18)
tls_check_mac mac type:MD5 md 1
Mac[16]:
| 1b 84 67 af 86 a0 84 ca eb 0a b0 59 85 32 ca ec |..g........Y.2..|
ssl_decrypt_record: mac failed

------> End Frame #63 <------

Something similar happens with the inbound stream as well. At some point, a mac
processing failure happens, and then you get a few "Ignored Unknown Records"
before it eventually just goes back to reporting on the records and not
actually decrypting them. I haven't dived into the receive side as much as the
send side as I'm curious about data being sent, not the stuff received. But, my
money is on the two being related. Without going into too much detail, it seems
that the decoding stops after it has reassembled a PDU. There are two entries
in the tree for "Secure Sockets Layer" and a reassembled TCP segment. The
reassembled part is properly decoded, and is listed as (first time) in the log.
But then the same frame shows up again as (first time). The data there all
seems to be decoded, but immediately after that there is an "Ignored Unknown
Record" entry. After that point, nothing decodes properly. I'm not sure the
record itself actually unknown, but the client doesn't seem to be bothered by
this. So, it's either something wireshark isn't familiar with but is in the NSS
library, or it's a bug somewhere in the decoding of those packets.

I can provide the .pcap files, logs, and other information, but I'd rather not
post them publicly as they do have some personal data in them that I'd rather
not expose (namely my screen name the screen names of my friends). I will be
happy to send them to someone directly should they wish to investigate.

Let me know if there is anything further I can provide. I have access to VS2015
so can debug things if needed, and the issues seem rather reproducible. So,
I'll be happy to test any fixes you might come up with.


You are receiving this mail because:
  • You are watching all bug changes.