Wireshark-bugs: [Wireshark-bugs] [Bug 11990] New: SSL/TLSv1 Decryption and Display Issues
Date: Sun, 10 Jan 2016 02:31:09 +0000
Bug ID | 11990 |
---|---|
Summary | SSL/TLSv1 Decryption and Display Issues |
Product | Wireshark |
Version | 2.0.1 |
Hardware | x86-64 |
OS | Windows 10 |
Status | CONFIRMED |
Severity | Normal |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Build Information: Version 2.0.1 (v2.0.1-0-g59ea380 from master-2.0) Copyright 1998-2015 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia, with AirPcap. Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz (with SSE4.2), with 32593MB of physical memory. Built using Microsoft Visual C++ 12.0 build 31101 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- There seem to be a few oddities around SSL/TLS1 packet decryption. This can result in the infamous "Ignored Unknown Record" when receiving data, or out right not displaying data that is being sent. I've been trying to do some work on the OSCAR/AIM protocol, but since it's all switched to SLL and TLS it was a pain to get into. Once I rebuilt a target NSS DLL with some features to dump the pre-master key, I was able to get wireshark to start processing the details. My details and speculation of the issue follow: It seems that when the client sends multiple records in the same frame, that Wireshark can get confused. Immediately after the key exchange, I can see decrypted data sent by the client, similar to this: ------> Frame #33 <------ dissect_ssl enter frame #33 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 89 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 84, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 84 Ciphertext[84]: | 2f 2b 68 31 c7 ff 6a 63 54 54 14 9c 9f e4 76 f1 |/+h1..jcTT....v.| | c3 fb 69 38 e0 cd bf bc 8b 32 94 de c4 d3 7e 93 |..i8.....2....~.| | 0b 73 ec 6d 8d af c6 02 b0 77 da 3c 28 0a 96 43 |.s.m.....w.<(..C| | 38 3f 14 f8 70 e6 3f 99 39 e4 ad 27 91 f7 df cf |8?..p.?.9..'....| | cc 33 7c f4 d4 88 1d 46 f3 b4 e8 25 46 b7 ba b7 |.3|....F...%F...| | f4 7c 99 bf |.|.. | Plaintext[84]: | 2a 02 74 19 00 3e 00 01 00 17 00 00 00 00 00 17 |*.t..>..........| | 00 22 00 01 00 01 00 04 00 24 00 01 00 13 00 03 |.".......$......| | 00 02 00 01 00 25 00 01 00 03 00 01 00 15 00 01 |.....%..........| | 00 04 00 01 00 06 00 01 00 09 00 01 00 0a 00 01 |................| | 00 0b 00 01 ea dc 22 61 18 e6 9b 51 92 b4 bc 63 |......"a...Q...c| | da a5 18 c8 |.... | checking mac (len 68, version 301, ct 23 seq 2) tls_check_mac mac type:MD5 md 1 Mac[16]: | ea dc 22 61 18 e6 9b 51 92 b4 bc 63 da a5 18 c8 |.."a...Q...c....| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 68, seq = 493, nxtseq = 561 dissect_ssl3_record decrypted len 68 decrypted app data fragment[68]: | 2a 02 74 19 00 3e 00 01 00 17 00 00 00 00 00 17 |*.t..>..........| | 00 22 00 01 00 01 00 04 00 24 00 01 00 13 00 03 |.".......$......| | 00 02 00 01 00 25 00 01 00 03 00 01 00 15 00 01 |.....%..........| | 00 04 00 01 00 06 00 01 00 09 00 01 00 0a 00 01 |................| | 00 0b 00 01 |.... | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE ------> End Frame #33 <------ This process continues back and forth with the OSCAR protocol. Wireshark incorrectly identified the sub-dissector as HTTP, but I can't find a way to change that. It is over port 443, but the message is clearly a FLAP format. It'd be nice if that were an option to change, but for the moment I can decode that by hand. At some point, the client sends frame 39, which is a complete TLSv1 record, but for some reason wireshark is displaying [SSL segment of a reassembled PDU] in the info field. This seems a bit odd, since the PDU doesn't seem to be reassembled, although it could be related to the fact that the last ACK was a naked ACK over TCP, so perhaps it's treating it as reassembled with the naked ACK. In either case, here's the packet: ------> Frame #39 <------ dissect_ssl enter frame #39 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 47 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 42, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 42 Ciphertext[42]: | 3f ba 76 47 4d e0 63 c6 1b 5d 67 be 4e a2 dd 92 |?.vGM.c..]g.N...| | cb c5 15 81 f3 a7 30 d8 b5 30 b8 b6 92 21 2e 6f |......0..0...!.o| | 0a 77 1a d6 fa 27 d0 d3 2f 66 |.w...'../f | Plaintext[42]: | 2a 02 74 1b 00 14 00 01 00 08 00 00 00 00 00 08 |*.t.............| | 00 01 00 02 00 03 00 04 00 05 e9 b8 20 ad 1b b8 |............ ...| | 8c b9 c2 e0 b4 3b e7 3f b1 ba |.....;.?.. | checking mac (len 26, version 301, ct 23 seq 4) tls_check_mac mac type:MD5 md 1 Mac[16]: | e9 b8 20 ad 1b b8 8c b9 c2 e0 b4 3b e7 3f b1 ba |.. ........;.?..| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 26, seq = 577, nxtseq = 603 dissect_ssl3_record decrypted len 26 decrypted app data fragment[26]: | 2a 02 74 1b 00 14 00 01 00 08 00 00 00 00 00 08 |*.t.............| | 00 01 00 02 00 03 00 04 00 05 |.......... | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE ------> End Frame #39 <------ The client shows that it's decoded properly in the interface, but it also shows a new entry in the tree of "SSL segment data (26 bytes)" which none of the previous entries had. This segment data shows the app data fragment you see in the packet capture above. It may just be a consistency issue that it's not being displayed on the other packets, or perhaps falsely displayed here. Either way, it still shows the expected "Decrypted SSL data" tab at the bottom of the inspector window. Frame #41 is now sent to the server, and this is where things get.. interesting. It would seem that this frame contains multiple TLSv1 records in it. The info field for this frame reads "Application Data[SSL segment of a reassembled PDU], Application Data, Application Data, Application Data, Application Data, Application Data". There appear to be a total of 7 records in this frame. The first 4 show in the GUI tree as a record with a "SSL segment data" block directly underneath each that contains the plaintext. The next three records have no entry underneath them with the plaintext. At the bottom of the tree are two entries for "3 reassembled SSL segments (60 bytes)" which contain the same three segments from this very frame. I'm not sure why it's listed twice, but it is. Then, it conclude with a 2 segment entry for "2 reassembled SSL segments (42 bytes)", that lists a segment from frame #39 (above), and also a 16 byte segment from this frame (the first segment). The repeated entries I mentioned for the 3 segments, seem to be the next 3 segments after the first that show up. So, the segments 4-7 aren't decoded in the tree anywhere, HOWEVER, they are decoded in tabs at the bottom of the inspector as "Decrypted SSL data". Also, intermixed with those tabs are three "Reassembled SSL" entries, in reverse order from what was presented in the tree above (the last entry in the tree is the left-most entry in the tab list, which seems odd). I've pasted the frame below: ------> Frame #41 <------ dissect_ssl enter frame #41 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 318 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | f0 7b ab df 6d 6c 9b 49 26 8a 77 bb c3 d1 13 a2 |.{..ml.I&.w.....| | 9a 31 3d db 84 0c fa 5a a8 07 2b bb 7a 3f c5 2b |.1=....Z..+.z?.+| Plaintext[32]: | 2a 02 74 1c 00 0a 00 01 00 0e 00 00 01 0e 00 0e |*.t.............| | 23 58 b4 c2 47 2c 6f 66 65 e3 33 9a 55 69 45 c7 |#X..G,ofe.3.UiE.| checking mac (len 16, version 301, ct 23 seq 5) tls_check_mac mac type:MD5 md 1 Mac[16]: | 23 58 b4 c2 47 2c 6f 66 65 e3 33 9a 55 69 45 c7 |#X..G,ofe.3.UiE.| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 16, seq = 603, nxtseq = 619 dissect_ssl3_record decrypted len 16 decrypted app data fragment[16]: | 2a 02 74 1c 00 0a 00 01 00 0e 00 00 01 0e 00 0e |*.t.............| process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 37, reported_length_remaining = 281 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 38, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 38 Ciphertext[38]: | d1 6b 57 d5 be 09 00 1f 49 d1 3a a7 f1 29 7f ee |.kW.....I.:..)..| | 8a bd e4 1b 21 27 d3 51 e1 5a ae 95 79 63 43 a2 |....!'.Q.Z..ycC.| | 2f ad ae b1 52 bb |/...R. | Plaintext[38]: | 2a 02 74 1d 00 10 00 13 00 02 00 00 00 00 00 02 |*.t.............| | 00 0b 00 02 00 fd 1e bb 97 84 76 44 37 64 d5 77 |..........vD7d.w| | f0 47 6e a9 5f 78 |.Gn._x | checking mac (len 22, version 301, ct 23 seq 6) tls_check_mac mac type:MD5 md 1 Mac[16]: | 1e bb 97 84 76 44 37 64 d5 77 f0 47 6e a9 5f 78 |....vD7d.w.Gn._x| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 22, seq = 619, nxtseq = 641 dissect_ssl3_record decrypted len 22 decrypted app data fragment[22]: | 2a 02 74 1d 00 10 00 13 00 02 00 00 00 00 00 02 |*.t.............| | 00 0b 00 02 00 fd |...... | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 80, reported_length_remaining = 238 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 38, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 38 Ciphertext[38]: | 1f cd b9 fb 8f 93 21 79 a0 8e 35 cb 03 ae a3 90 |......!y..5.....| | 72 a6 1c f9 8b 91 6d 13 4e 87 6f 09 2c 61 73 52 |r.....m.N.o.,asR| | 1e 9e f1 bc 62 9c |....b. | Plaintext[38]: | 2a 02 74 1e 00 10 00 13 00 05 00 00 7f 42 00 05 |*.t..........B..| | 56 91 a8 e4 00 1a 6b fe 99 ed 83 69 93 6c a7 6e |V.....k....i.l.n| | 83 f7 a2 39 7d 0e |...9}. | checking mac (len 22, version 301, ct 23 seq 7) tls_check_mac mac type:MD5 md 1 Mac[16]: | 6b fe 99 ed 83 69 93 6c a7 6e 83 f7 a2 39 7d 0e |k....i.l.n...9}.| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 22, seq = 641, nxtseq = 663 dissect_ssl3_record decrypted len 22 decrypted app data fragment[22]: | 2a 02 74 1e 00 10 00 13 00 05 00 00 7f 42 00 05 |*.t..........B..| | 56 91 a8 e4 00 1a |V..... | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 123, reported_length_remaining = 195 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | ba dd 55 56 75 23 d7 3a ed ac f0 ad b0 76 e0 f3 |..UVu#.:.....v..| | 67 ab cf c8 b8 77 fd b7 2e c1 1c 0d b5 e0 e1 22 |g....w........."| Plaintext[32]: | 2a 02 74 1f 00 0a 00 02 00 02 00 00 00 00 00 02 |*.t.............| | d6 f5 0d c0 e6 fc 57 7a fa c1 9d b5 f7 32 a7 31 |......Wz.....2.1| checking mac (len 16, version 301, ct 23 seq 8) tls_check_mac mac type:MD5 md 1 Mac[16]: | d6 f5 0d c0 e6 fc 57 7a fa c1 9d b5 f7 32 a7 31 |......Wz.....2.1| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 16, seq = 663, nxtseq = 679 dissect_ssl3_record decrypted len 16 decrypted app data fragment[16]: | 2a 02 74 1f 00 0a 00 02 00 02 00 00 00 00 00 02 |*.t.............| process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 160, reported_length_remaining = 158 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 79, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 79 Ciphertext[79]: | e9 85 70 c8 d4 fe 3d 5b f8 32 30 7a 72 d6 0d 65 |..p...=[.20zr..e| | 17 9b 4b 3f b4 95 74 0c fd af b7 fb e7 42 4f c6 |..K?..t......BO.| | 7d 71 25 ad 28 aa 12 19 e5 bd 01 37 16 68 fa c7 |}q%.(......7.h..| | 80 c9 54 66 97 89 33 53 fb b8 d5 a0 76 43 e8 99 |..Tf..3S....vC..| | de 74 b4 32 ed 83 05 2e 51 50 34 74 64 22 42 |.t.2....QP4td"B | Plaintext[79]: | 2a 02 74 20 00 39 00 03 00 02 00 00 00 00 00 02 |*.t .9..........| | 00 05 00 02 00 17 00 06 00 03 00 00 00 00 07 00 |................| | 01 00 00 08 00 01 01 00 0a 00 14 00 02 00 08 66 |...............f| | 61 63 65 62 6f 6f 6b 00 06 67 6f 6f 67 6c 65 51 |acebook..googleQ| | f7 69 a6 57 72 d7 51 0b 5f 0f c3 e3 54 fd 1c |.i.Wr.Q._...T.. | checking mac (len 63, version 301, ct 23 seq 9) tls_check_mac mac type:MD5 md 1 Mac[16]: | 51 f7 69 a6 57 72 d7 51 0b 5f 0f c3 e3 54 fd 1c |Q.i.Wr.Q._...T..| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 63, seq = 679, nxtseq = 742 dissect_ssl3_record decrypted len 63 decrypted app data fragment[63]: | 2a 02 74 20 00 39 00 03 00 02 00 00 00 00 00 02 |*.t .9..........| | 00 05 00 02 00 17 00 06 00 03 00 00 00 00 07 00 |................| | 01 00 00 08 00 01 01 00 0a 00 14 00 02 00 08 66 |...............f| | 61 63 65 62 6f 6f 6b 00 06 67 6f 6f 67 6c 65 |acebook..google | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 244, reported_length_remaining = 74 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | 10 c3 5f 46 e7 95 26 4f 82 4e 29 6a c8 ef e5 a0 |.._F..&O.N)j....| | 58 ff ee 6a 76 af 3a 6a f8 64 41 b6 1a fe ce 61 |X..jv.:j.dA....a| Plaintext[32]: | 2a 02 74 21 00 0a 00 04 00 04 00 00 00 00 00 04 |*.t!............| | e4 86 00 85 aa cd 1c 70 28 43 24 6a 46 ce 64 9d |.......p(C$jF.d.| checking mac (len 16, version 301, ct 23 seq 10) tls_check_mac mac type:MD5 md 1 Mac[16]: | e4 86 00 85 aa cd 1c 70 28 43 24 6a 46 ce 64 9d |.......p(C$jF.d.| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 16, seq = 742, nxtseq = 758 dissect_ssl3_record decrypted len 16 decrypted app data fragment[16]: | 2a 02 74 21 00 0a 00 04 00 04 00 00 00 00 00 04 |*.t!............| process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 281, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | 5f d2 b7 ca af db 50 47 f4 5a 45 d2 67 0c 5a 81 |_.....PG.ZE.g.Z.| | f7 b0 0c d9 6d 93 73 55 5d f8 98 f2 c0 06 b1 9e |....m.sU].......| Plaintext[32]: | 2a 02 74 22 00 0a 00 09 00 02 00 00 00 00 00 02 |*.t"............| | 59 43 3d c8 ab 02 74 28 93 dc 39 8b a2 f1 85 14 |YC=...t(..9.....| checking mac (len 16, version 301, ct 23 seq 11) tls_check_mac mac type:MD5 md 1 Mac[16]: | 59 43 3d c8 ab 02 74 28 93 dc 39 8b a2 f1 85 14 |YC=...t(..9.....| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 16, seq = 758, nxtseq = 774 dissect_ssl3_record decrypted len 16 decrypted app data fragment[16]: | 2a 02 74 22 00 0a 00 09 00 02 00 00 00 00 00 02 |*.t"............| process_ssl_payload: found handle 0000000006234800 (http) ------> End Frame #41 <------ As you can tell, all 7 records seem to be decoded properly. The display of the data is pretty random as to what you get in the UI, but you can piece through it with a bit of effort. As we go down the list, frame #45 seems to be another naked ACK, but frame #46 doesn't display as a [SSL segment of a reassembled PDU] in comparison to frame #33 above. Again, not a huge deal, but something odd. Frame #46 only shows the one record in the "Decrypted SSL data" tab in the inspector. There is no entry in the tree to read the data. ------> End Frame #46 <------ dissect_ssl enter frame #46 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | fd ff fd e6 0d 6f 41 50 8a 71 b3 51 15 e8 bf e4 |.....oAP.q.Q....| | dd 76 0a 3d a7 d7 5f 91 34 3d de e0 e2 a8 c2 a5 |.v.=.._.4=......| Plaintext[32]: | 2a 02 74 23 00 0a 00 13 00 07 00 00 00 00 00 07 |*.t#............| | 85 d3 7e eb ab ff 8e 3a dd 22 88 62 41 37 6f 82 |..~....:.".bA7o.| checking mac (len 16, version 301, ct 23 seq 12) tls_check_mac mac type:MD5 md 1 Mac[16]: | 85 d3 7e eb ab ff 8e 3a dd 22 88 62 41 37 6f 82 |..~....:.".bA7o.| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 16, seq = 774, nxtseq = 790 dissect_ssl3_record decrypted len 16 decrypted app data fragment[16]: | 2a 02 74 23 00 0a 00 13 00 07 00 00 00 00 00 07 |*.t#............| process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE ------> End Frame #46 <------ We're still generally okay with the decryption, but frame #49 comes along and we discover that it's an awful lot like #41. However, this time we don't get all the records decoded. There are 7 records located in this frame. The first record's data is 308 bytes long, which decodes into 292 bytes of data. The second is 48 bytes of encrypted data, decoded into 32. The next is 40 decoded into 24. The fourth is 136 decoded into 120, and the fifth is 34 into 18. Why did I stop at five and not go to 6 or 7? There's no more info in the logs to tell me. The UI says there's two more records at length 79 and 59, but the debug log has no more entries after that. In addition, the tabs at the bottom showing decrypted SSL data only count up to 5, matching the ones above (even though out of order). The last two records are just missing from the decoding. ------> Frame #49 <------ dissect_ssl enter frame #49 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 739 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 308, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 308 Ciphertext[308]: | 07 a8 33 ad 0f 99 67 a8 a2 d7 5f 7a 95 7d d0 64 |..3...g..._z.}.d| | 62 46 86 a9 d5 cb ed 86 48 98 b9 75 5f df 9e 19 |bF......H..u_...| | c6 6c 2c 14 07 b4 8b e8 bc 2e 46 8f 36 35 ee 14 |.l,.......F.65..| | dc 42 6c 48 ac 6e 62 a8 c3 ea 3c b0 3b 89 b5 2c |.BlH.nb...<.;..,| | 19 73 53 5b a2 eb 3a 26 c9 de 3b 64 58 9d 0f b5 |.sS[..:&..;dX...| | b5 14 8c 62 1e cb c9 33 fe ef a2 10 fe 79 cf 9f |...b...3.....y..| | 68 e1 ab f0 f7 fe 94 b0 fd bb 22 64 20 2a e3 a7 |h........."d *..| | 58 96 d2 af c3 80 45 68 5a a1 0c 4b 66 07 0f bf |X.....EhZ..Kf...| | a6 3c 13 63 1a 4f d6 11 ed c4 36 a4 c9 cc 69 04 |.<.c.O....6...i.| | c3 d7 25 0b 12 b9 0b 95 b1 ad 6c 81 d4 86 4f 35 |..%.......l...O5| | 02 29 6d 42 eb cf 53 9e 9a f7 24 32 4e cd 29 b0 |.)mB..S...$2N.).| | 55 7c a7 b6 3a dd 22 32 67 9f 19 f1 3b eb 02 9b |U|..:."2g...;...| | 45 e4 e5 2e a6 16 a3 5c 21 42 43 ce c2 1b 0a f1 |E......\!BC.....| | 5e 59 46 9e 66 77 19 01 04 97 9a f2 24 50 a8 fe |^YF.fw......$P..| | 28 56 db 7b fe f4 7f 61 b2 5d 68 47 df fa 0e d8 |(V.{...a.]hG....| | 76 0e f1 cf f5 02 10 49 4e 6e c6 50 f7 a5 b3 cc |v......INn.P....| | 35 44 af bd 7f bc b0 51 f1 28 db 80 1a 07 c9 dc |5D.....Q.(......| | 6d 26 e6 95 2d de f9 32 b4 15 92 6e c6 80 6e 20 |m&..-..2...n..n | | ad 90 00 f4 08 4b c1 af df f7 11 61 fe eb ad 5b |.....K.....a...[| | 1b d8 af 92 |.... | Plaintext[308]: | 2a 02 74 24 01 1e 00 02 00 04 00 00 00 00 00 04 |*.t$............| | 00 05 01 10 09 46 01 0a 4c 7f 11 d1 82 22 44 45 |.....F..L...."DE| | 53 54 00 00 09 46 01 0b 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 45 4c 7f 11 d1 82 22 44 45 |ST...F.EL...."DE| | 53 54 00 00 09 46 01 ff 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 74 8f 24 20 62 87 11 d1 82 22 44 45 |ST..t.$ b...."DE| | 53 54 00 00 09 46 13 43 4c 7f 11 d1 82 22 44 45 |ST...F.CL...."DE| | 53 54 00 00 09 46 13 41 4c 7f 11 d1 82 22 44 45 |ST...F.AL...."DE| | 53 54 00 00 09 46 01 04 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 05 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 00 00 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 03 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 01 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 4d 4c 7f 11 d1 82 22 44 45 |ST...F.ML...."DE| | 53 54 00 00 09 46 13 4a 4c 7f 11 d1 82 22 44 45 |ST...F.JL...."DE| | 53 54 00 00 09 46 01 0f 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 0d 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 46 4c 7f 11 d1 82 22 44 45 |ST...F.FL...."DE| | 53 54 00 00 39 62 e3 62 ab 2e ee d9 41 b3 dc 30 |ST..9b.b....A..0| | e5 12 89 82 |.... | checking mac (len 292, version 301, ct 23 seq 13) tls_check_mac mac type:MD5 md 1 Mac[16]: | 39 62 e3 62 ab 2e ee d9 41 b3 dc 30 e5 12 89 82 |9b.b....A..0....| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 292, seq = 790, nxtseq = 1082 dissect_ssl3_record decrypted len 292 decrypted app data fragment[292]: | 2a 02 74 24 01 1e 00 02 00 04 00 00 00 00 00 04 |*.t$............| | 00 05 01 10 09 46 01 0a 4c 7f 11 d1 82 22 44 45 |.....F..L...."DE| | 53 54 00 00 09 46 01 0b 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 45 4c 7f 11 d1 82 22 44 45 |ST...F.EL...."DE| | 53 54 00 00 09 46 01 ff 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 74 8f 24 20 62 87 11 d1 82 22 44 45 |ST..t.$ b...."DE| | 53 54 00 00 09 46 13 43 4c 7f 11 d1 82 22 44 45 |ST...F.CL...."DE| | 53 54 00 00 09 46 13 41 4c 7f 11 d1 82 22 44 45 |ST...F.AL...."DE| | 53 54 00 00 09 46 01 04 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 05 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 00 00 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 03 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 01 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 4d 4c 7f 11 d1 82 22 44 45 |ST...F.ML...."DE| | 53 54 00 00 09 46 13 4a 4c 7f 11 d1 82 22 44 45 |ST...F.JL...."DE| | 53 54 00 00 09 46 01 0f 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 01 0d 4c 7f 11 d1 82 22 44 45 |ST...F..L...."DE| | 53 54 00 00 09 46 13 46 4c 7f 11 d1 82 22 44 45 |ST...F.FL...."DE| | 53 54 00 00 |ST.. | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 313, reported_length_remaining = 426 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 48, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 48 Ciphertext[48]: | e9 9c 47 1e 62 07 8e 9b 3d 46 00 3d 32 96 f2 a5 |..G.b...=F.=2...| | 63 db dc 15 d1 a7 1c 54 c7 4e 51 62 eb 7a 97 b5 |c......T.NQb.z..| | 20 75 6e bd c4 34 61 5c 66 60 1e b4 f9 61 50 46 | un..4a\f`...aPF| Plaintext[48]: | 2a 02 74 25 00 1a 00 04 00 02 00 00 00 00 00 02 |*.t%............| | 00 00 00 00 03 db 1f 40 03 e7 03 e7 00 00 00 00 |.......@........| | 5a d1 36 d5 98 f7 7b 0c 3d 39 89 49 58 23 73 6b |Z.6...{.=9.IX#sk| checking mac (len 32, version 301, ct 23 seq 14) tls_check_mac mac type:MD5 md 1 Mac[16]: | 5a d1 36 d5 98 f7 7b 0c 3d 39 89 49 58 23 73 6b |Z.6...{.=9.IX#sk| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 32, seq = 1082, nxtseq = 1114 dissect_ssl3_record decrypted len 32 decrypted app data fragment[32]: | 2a 02 74 25 00 1a 00 04 00 02 00 00 00 00 00 02 |*.t%............| | 00 00 00 00 03 db 1f 40 03 e7 03 e7 00 00 00 00 |.......@........| process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 366, reported_length_remaining = 373 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 40, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 40 Ciphertext[40]: | 70 0c 5a 58 23 13 6e 32 54 fa 5c 3d ab 46 32 76 |p.ZX#.n2T.\=.F2v| | 93 c8 8a 18 e8 d1 04 40 6e b0 08 3d d1 dd 0d c2 |.......@n..=....| | 48 4b 20 f5 a4 85 cd 6a |HK ....j | Plaintext[40]: | 2a 02 74 26 00 12 00 01 00 1e 00 00 00 00 00 1e |*.t&............| | 00 06 00 04 00 00 00 00 25 4b ed a7 57 44 49 99 |........%K..WDI.| | 03 b3 e3 44 ef 3f ca f0 |...D.?.. | checking mac (len 24, version 301, ct 23 seq 15) tls_check_mac mac type:MD5 md 1 Mac[16]: | 25 4b ed a7 57 44 49 99 03 b3 e3 44 ef 3f ca f0 |%K..WDI....D.?..| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 24, seq = 1114, nxtseq = 1138 dissect_ssl3_record decrypted len 24 decrypted app data fragment[24]: | 2a 02 74 26 00 12 00 01 00 1e 00 00 00 00 00 1e |*.t&............| | 00 06 00 04 00 00 00 00 |........ | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 411, reported_length_remaining = 328 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 136, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 136 Ciphertext[136]: | 1f ba a5 f4 2a 68 46 e6 2d 41 8a f0 43 74 e1 87 |....*hF.-A..Ct..| | 26 74 1d 7d 59 1d 10 a1 4d d4 4c 69 9b 32 d0 8e |&t.}Y...M.Li.2..| | 5a 0f f3 07 e3 e5 3c 91 90 54 76 fd 1c f5 68 18 |Z.....<..Tv...h.| | a6 45 52 f7 48 ec f3 a9 f4 79 d3 21 83 ff 56 69 |.ER.H....y.!..Vi| | 04 59 e0 dc cd 58 34 ed 11 4e 13 55 af 52 c1 9b |.Y...X4..N.U.R..| | 20 59 db cb 00 49 6b 81 1f 89 15 b9 e3 fb 2f f2 | Y...Ik......./.| | 1b b8 5b 26 0b 5b 4d 67 8a 00 7b 19 19 c9 9f 4c |..[&.[Mg..{....L| | a0 4e 4a e3 2a 76 91 69 f9 8e 7c ac e1 ce 95 38 |.NJ.*v.i..|....8| | 7d 7c 86 34 b3 36 e1 de |}|.4.6.. | Plaintext[136]: | 2a 02 74 27 00 72 00 01 00 02 00 00 00 00 00 02 |*.t'.r..........| | 00 22 00 01 01 10 19 d8 00 01 00 04 01 10 19 d8 |."..............| | 00 24 00 01 01 10 19 d8 00 13 00 03 01 10 19 d8 |.$..............| | 00 02 00 01 01 10 19 d8 00 25 00 01 01 10 19 d8 |.........%......| | 00 03 00 01 01 10 19 d8 00 15 00 01 01 10 19 d8 |................| | 00 04 00 01 01 10 19 d8 00 06 00 01 01 10 19 d8 |................| | 00 09 00 01 01 10 19 d8 00 0a 00 01 01 10 19 d8 |................| | 00 0b 00 01 01 10 19 d8 9d 75 c6 1f a8 f6 9f 3b |.........u.....;| | 72 46 a6 39 e3 cb fc 7f |rF.9.... | checking mac (len 120, version 301, ct 23 seq 16) tls_check_mac mac type:MD5 md 1 Mac[16]: | 9d 75 c6 1f a8 f6 9f 3b 72 46 a6 39 e3 cb fc 7f |.u.....;rF.9....| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 120, seq = 1138, nxtseq = 1258 dissect_ssl3_record decrypted len 120 decrypted app data fragment[120]: | 2a 02 74 27 00 72 00 01 00 02 00 00 00 00 00 02 |*.t'.r..........| | 00 22 00 01 01 10 19 d8 00 01 00 04 01 10 19 d8 |."..............| | 00 24 00 01 01 10 19 d8 00 13 00 03 01 10 19 d8 |.$..............| | 00 02 00 01 01 10 19 d8 00 25 00 01 01 10 19 d8 |.........%......| | 00 03 00 01 01 10 19 d8 00 15 00 01 01 10 19 d8 |................| | 00 04 00 01 01 10 19 d8 00 06 00 01 01 10 19 d8 |................| | 00 09 00 01 01 10 19 d8 00 0a 00 01 01 10 19 d8 |................| | 00 0b 00 01 01 10 19 d8 |........ | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE record: offset = 552, reported_length_remaining = 187 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 34, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 34 Ciphertext[34]: | 4c 6d ff df 47 17 07 81 e5 e0 4c 93 00 a0 17 8d |Lm..G.....L.....| | b8 3f 50 3e 3f 27 fc 6c e7 1a c2 09 97 ab cf 43 |.?P>?'.l.......C| | 09 21 |.! | Plaintext[34]: | 2a 02 74 28 00 0c 00 01 00 04 00 00 12 7f 00 04 |*.t(............| | 00 18 3b 02 26 8f 2f b3 48 0e b5 e3 9e cc 97 11 |..;.&./.H.......| | c7 89 |.. | checking mac (len 18, version 301, ct 23 seq 17) tls_check_mac mac type:MD5 md 1 Mac[16]: | 3b 02 26 8f 2f b3 48 0e b5 e3 9e cc 97 11 c7 89 |;.&./.H.........| ssl_decrypt_record: mac ok ssl_add_data_info: new data inserted data_len = 18, seq = 1258, nxtseq = 1276 dissect_ssl3_record decrypted len 18 decrypted app data fragment[18]: | 2a 02 74 28 00 0c 00 01 00 04 00 00 12 7f 00 04 |*.t(............| | 00 18 |.. | process_ssl_payload: found handle 0000000006234800 (http) packet_from_server: is from server - FALSE ------> End Frame #49 <------ After this point, the next outbound frame #63 shows a "mac failed" and doesn't decode the data. I suspect that since the decryption stream is out of sync, it's never going to decode any more outbound frames. ------> Frame #63 <------ dissect_ssl enter frame #63 (first time) packet_from_server: is from server - FALSE conversation = 00000000045A59B0, ssl_session = 00000000045A61B0 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x23F packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder ssl_decrypt_record ciphertext len 32 Ciphertext[32]: | ac 67 15 e7 2b 8f 0c 10 21 a0 6f 70 c0 55 2e 8f |.g..+...!.op.U..| | d6 8f 5c 79 7f a2 28 c5 61 0d 78 c6 f8 9a bc 56 |..\y..(.a.x....V| Plaintext[32]: | 83 21 10 3a 4d 62 54 ec 33 67 21 b2 fe cd b5 00 |.!.:MbT.3g!.....| | 3b 92 15 05 d1 f6 36 a7 8c c3 5d 4d 0d 5b 7a a0 |;.....6...]M.[z.| checking mac (len 16, version 301, ct 23 seq 18) tls_check_mac mac type:MD5 md 1 Mac[16]: | 1b 84 67 af 86 a0 84 ca eb 0a b0 59 85 32 ca ec |..g........Y.2..| ssl_decrypt_record: mac failed ------> End Frame #63 <------ Something similar happens with the inbound stream as well. At some point, a mac processing failure happens, and then you get a few "Ignored Unknown Records" before it eventually just goes back to reporting on the records and not actually decrypting them. I haven't dived into the receive side as much as the send side as I'm curious about data being sent, not the stuff received. But, my money is on the two being related. Without going into too much detail, it seems that the decoding stops after it has reassembled a PDU. There are two entries in the tree for "Secure Sockets Layer" and a reassembled TCP segment. The reassembled part is properly decoded, and is listed as (first time) in the log. But then the same frame shows up again as (first time). The data there all seems to be decoded, but immediately after that there is an "Ignored Unknown Record" entry. After that point, nothing decodes properly. I'm not sure the record itself actually unknown, but the client doesn't seem to be bothered by this. So, it's either something wireshark isn't familiar with but is in the NSS library, or it's a bug somewhere in the decoding of those packets. I can provide the .pcap files, logs, and other information, but I'd rather not post them publicly as they do have some personal data in them that I'd rather not expose (namely my screen name the screen names of my friends). I will be happy to send them to someone directly should they wish to investigate. Let me know if there is anything further I can provide. I have access to VS2015 so can debug things if needed, and the issues seem rather reproducible. So, I'll be happy to test any fixes you might come up with.
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- Prev by Date: [Wireshark-bugs] [Bug 11980] The filtering speed is impacted by commit b344107d757466e0768a3ef8927852479e926cf6 (Make color filters part of dissection)
- Next by Date: [Wireshark-bugs] [Bug 11988] Qt: change TCP stream on follow don't work
- Previous by thread: [Wireshark-bugs] [Bug 11989] GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded
- Next by thread: [Wireshark-bugs] [Bug 11990] SSL/TLSv1 Decryption and Display Issues
- Index(es):