Wireshark-users: [Wireshark-users] SSL: key exchange 0 different from KEX_RSA (16)

From: Guy Deffaux <guy@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 05 Jul 2010 21:29:05 +0700
Has anyone seen this problem before? I am testing Wireshark 1.3.5 with SSL. Certs have been created with the 2 following commands (so I get the -----BEGIN RSA PRIVATE KEY----- content for private key, Wireshark loads it properly)

openssl genrsa -out privkey1.pem 2048
openssl req -new -x509 -days 1000 -out pubcert1.pem -nodes -key privkey1.pem -subj /CN=192.168.1.2

Calling the server via a "curl -k", communication goes ok. Snooping the traffic, I get the following message which prevents the message decryption.

dissect_ssl enter frame #8 (first time)
 conversation = 06311878, ssl_session = 06311BDC
 record: offset = 0, reported_length_remaining = 198
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 134, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139 ---> ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16) <---
dissect_ssl3_handshake can't decrypt pre master secret
 record: offset = 139, reported_length_remaining = 59

Has anyone seen this?

I have uploaded pcap file, wireshark log, priv and cert at http://www.geckotechnology.com/sites/default/files/sslissue_100705.zip

Any hint is welcome.

guy