Wireshark-users: Re: [Wireshark-users] ssl decryption question
From: Tatar Kolos <kolos@xxxxxxxx>
Date: Wed, 6 Dec 2006 17:30:49 +0100 (CET)
Hi, On Wed, 6 Dec 2006, Joerg Mayer wrote:
On Wed, Dec 06, 2006 at 04:22:47PM +0100, Tatar Kolos wrote: Hi,Can anyone tell me what kind of problem is described in this ssldebug.log file?dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 17 ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16) dissect_ssl3_handshake can't decrypt pre master secret
Looks like it can't read the key file or the key inside the keyfile is wrong. Can you please post the leading ~30 lines, where it ready the keyfile?
I've pasted the debug file from the beginning below. Thanks, Kolos ssl_init keys string 172.31.96.94,443,http,/home/kolos/pemz/mx.pem;172.31.96.207,8181,http,/home/ kolos/pemz/server.key ssl_init found host entry 172.31.96.94,443,http,/home/kolos/pemz/mx.pem ssl_init addr 172.31.96.94 port 443 filename /home/kolos/pemz/mx.pem ssl_get_version: 1.2.10 ssl_init private key file /home/kolos/pemz/mx.pem successfully loaded association_add TCP port 443 protocol http handle 0x8464be0 ssl_init found host entry 172.31.96.207,8181,http,/home/kolos/pemz/server.key ssl_init addr 172.31.96.207 port 8181 filename /home/kolos/pemz/server.key ssl_get_version: 1.2.10 ssl_init private key file /home/kolos/pemz/server.key successfully loaded association_add TCP port 8181 protocol http handle 0x8464be0 association_find: TCP port 443 found 0x90c10a8 ssl_association_remove removing TCP 443 - http handle 0x8464be0 association_add TCP port 443 protocol http handle 0x8464be0 association_find: TCP port 636 found 0x8715b80 ssl_association_remove removing TCP 636 - ldap handle 0x84808e0 association_add TCP port 636 protocol ldap handle 0x84808e0 association_find: TCP port 993 found 0x8715ba8 ssl_association_remove removing TCP 993 - imap handle 0x8458880 association_add TCP port 993 protocol imap handle 0x8458880 association_find: TCP port 995 found 0x8715bd0 ssl_association_remove removing TCP 995 - pop handle 0x84f0128 association_add TCP port 995 protocol pop handle 0x84f0128 dissect_ssl enter frame #26 dissect_ssl3_record: content_type 23 association_find: TCP port 1024 found (nil) association_find: TCP port 8181 found 0x91da478 dissect_ssl enter frame #15 ssl_session_init: initializing ptr 0xb2d2cb18 size 568 association_find: TCP port 1024 found (nil) packet_from_server: is from server 0 dissect_ssl server 172.31.96.207:8181 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 77 ssl state 0 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 1 offset 5 length 73 bytes, remaining 82 dissect_ssl3_hnd_hello_common found random state 1 dissect_ssl enter frame #17 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 1085 ssl state 11 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1090 dissect_ssl3_hnd_hello_common found random state 13 dissect_ssl3_hnd_srv_hello found cipher 16, state 17 dissect_ssl3_hnd_srv_hello not enough data to generate key (required 37) dissect_ssl3_handshake iteration 0 type 11 offset 79 length 606 bytes, remaining 1090 dissect_ssl3_handshake iteration 0 type 12 offset 689 length 393 bytes, remaining 1090 dissect_ssl3_handshake iteration 0 type 14 offset 1086 length 0 bytes, remaining 1090 dissect_ssl enter frame #19 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 134 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139 dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 17 ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16) dissect_ssl3_handshake can't decrypt pre master secret dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 40 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 97 offset 150 length 10209886 bytes, remaining 190 dissect_ssl enter frame #22 dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec dissect_ssl enter frame #24 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 40 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 193 offset 5 length 6723141 bytes, remaining 45 dissect_ssl enter frame #26 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 360 ssl state 17 decrypt_ssl3_record: no session key association_find: TCP port 1024 found (nil) association_find: TCP port 8181 found 0x91da478 dissect_ssl enter frame #30 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 256 ssl state 17 decrypt_ssl3_record: no session key association_find: TCP port 8181 found 0x91da478 dissect_ssl enter frame #32 dissect_ssl3_record: content_type 21 decrypt_ssl3_record: app_data len 24 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl enter frame #35 dissect_ssl enter frame #36 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 1720 ssl state 17 decrypt_ssl3_record: no session key association_find: TCP port 8181 found 0x91da478 dissect_ssl enter frame #37 dissect_ssl3_record: content_type 21 decrypt_ssl3_record: app_data len 24 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl enter frame #49 ssl_session_init: initializing ptr 0xb2d2d588 size 568 association_find: TCP port 1025 found (nil) packet_from_server: is from server 0 dissect_ssl server 172.31.96.207:8181 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 77 ssl state 0 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 1 offset 5 length 73 bytes, remaining 82 dissect_ssl3_hnd_hello_common found random state 1 dissect_ssl enter frame #51 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 1085 ssl state 11 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1090 dissect_ssl3_hnd_hello_common found random state 13 dissect_ssl3_hnd_srv_hello found cipher 16, state 17 dissect_ssl3_hnd_srv_hello not enough data to generate key (required 37) dissect_ssl3_handshake iteration 0 type 11 offset 79 length 606 bytes, remaining 1090 dissect_ssl3_handshake iteration 0 type 12 offset 689 length 393 bytes, remaining 1090 dissect_ssl3_handshake iteration 0 type 14 offset 1086 length 0 bytes, remaining 1090 dissect_ssl enter frame #53 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 134 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139 dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 17 ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16) dissect_ssl3_handshake can't decrypt pre master secret dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 40 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 150 offset 150 length 10163994 bytes, remaining 190 dissect_ssl enter frame #55 dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec dissect_ssl enter frame #57 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 40 ssl state 17 decrypt_ssl3_record: no session key dissect_ssl3_handshake iteration 1 type 169 offset 5 length 10484740 bytes, remaining 45 dissect_ssl enter frame #59 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 360 ssl state 17 decrypt_ssl3_record: no session key association_find: TCP port 1025 found (nil) association_find: TCP port 8181 found 0x91da478 dissect_ssl enter frame #63 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 256 ssl state 17 decrypt_ssl3_record: no session key
- References:
- [Wireshark-users] ssl decryption question
- From: Tatar Kolos
- Re: [Wireshark-users] ssl decryption question
- From: Joerg Mayer
- [Wireshark-users] ssl decryption question
- Prev by Date: Re: [Wireshark-users] openvpn and packet sniffing
- Next by Date: [Wireshark-users] ANNOUNCE: WinPcap 4.0 beta3 has been released
- Previous by thread: Re: [Wireshark-users] ssl decryption question
- Next by thread: [Wireshark-users] ANNOUNCE: WinPcap 4.0 beta3 has been released
- Index(es):