I'm having some trouble getting SSL decryption to work. Using
Wireshark 0.99.3a (as provided by CentOS 4), I'm trying to decrypt
SMTP with STARTTLS on my mail server. When I enter an RSA keys list
as follows:

    127.0.0.1,25,smtp,/etc/pki/tls/private/mail.key

I get the following error on my terminal:

    association_add() could not find handle for protocol:smtp

When I instead try to decrypt HTTPS with this RSA keys list:

    198.146.154.14,443,http,/etc/pki/tls/private/mail.key;127.0.0.1,443,http,/etc/pki/tls/private/mail.key

decryption fails. Wireshark reports encrypted SSL traffic as "TLSv1
Application Data", and when I go under the Analyze menu and choose
Follow SSL stream, I get a zero byte conversation. I checked the SSL
debug log, and the only entries that sound like possible errors are
"decrypt_ssl3_record: no session key" and "ssl_restore_session can't
find stored session".
Any suggestions?
Thanks.
Josh Kelley