Wireshark-bugs: [Wireshark-bugs] [Bug 12042] New: wireshark doesn't decrypt 2-way SSL traffic

Date: Sun, 24 Jan 2016 04:41:59 +0000
Bug ID 12042
Summary wireshark doesn't decrypt 2-way SSL traffic
Product Wireshark
Version unspecified
Hardware x86
OS Mac OS X 10.11
Status CONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 14270
2-way ssl conversation which you should be able to decrypt and the private key
to decrypt it

Build Information:
Wireshark 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with
libz 1.2.5, with GLib 2.36.0, with SMI 0.4.8, without c-ares, without ADNS,
with Lua 5.2, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with
GeoIP, with QtMultimedia, without AirPcap.

Running on Mac OS X 10.11.1, build 15B42 (Darwin 15.0.0), with locale C, with
libpcap version 1.5.3 - Apple version 54, with libz 1.2.5, with GnuTLS 2.12.19,
with Gcrypt 1.5.0.
Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

--
Set up Apache for 2-way SSL and disabled Diffie-Hellman.  When I apply the
server private key, Wireshark is not decrypting the SSL traffic.  When I look
at the debug log I can see the message:

ssl_restore_master_key can't find pre-master secret by Encrypted pre-master
secret

Even though looking at the dissector, I can see the encrypted pre-master secret
in the bottom window.

When I turn off 2-way SSL, Wireshark can decrypt the conversation without a
problem.

I am including a pcap which can't be decrypted and the private key that should
decrypt the conversation.

