Wireshark-users: Re: [Wireshark-users] question about bug 3303

From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 3 Sep 2010 17:31:16 +0200
On 3 sep 2010, at 16:58, kolos_ws@xxxxxxxx wrote:

>>> Although it is categorised as 'Low Normal' importance at the moment, in my
>>> case it is a showstopper and would love to see it resolved.
>> 
>> Are you sure you are encountering the same issue? There were some 
>> reports of similar issues that actually had a different cause. Will you 
>> be able to post a capture file showing the issue you have at hand? That 
>> way it can be determined if you run into the same issue. You can attach 
>> the tracefile to the bug-report. If necessary, you can mark it as 
>> private so that only the core-developers have access to it.
> 
> I'm not sure if I can post a capture file (probably I can't), but the 
> reason why I think that it's this issue is that I see the following in my 
> SSL debug log:
> 
> [..]
> dissect_ssl enter frame #217 (first time)
>   conversation = 0xafa51a70, ssl_session = 0xafa51cc0
>   record: offset = 0, reported_length_remaining = 1747
> dissect_ssl3_record found version 0x0301 -> state 0x11
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 1742 ssl, state 0x11
> association_find: TCP port 8080 found 0x1bc5ac8
> packet_from_server: is from server - TRUE
> decrypt_ssl3_record: using server decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1747
> dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
> dissect_ssl3_hnd_srv_hello found CIPHER 0x0016 -> state 0x17
> dissect_ssl3_hnd_srv_hello trying to generate keys
> ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
> dissect_ssl3_hnd_srv_hello can't generate keyring material
> dissect_ssl3_handshake iteration 0 type 11 offset 79 length 1232 bytes, remaining 1747
> dissect_ssl3_handshake iteration 0 type 12 offset 1315 length 424 bytes, remaining 1747
> dissect_ssl3_handshake iteration 0 type 14 offset 1743 length 0 bytes, remaining 1747
> [..]
> 
> The URL on the Bugzilla page for issue 3303 refers to a message on this 
> email list 
> (http://www.wireshark.org/lists/wireshark-users/200903/msg00047.html) 
> which seems to have the same error message.
> 
> In all my captures I see that the packet containing "Server Hello, 
> Certificate, Server Key Exchange, Encrypted Handshake Message" is 
> fragmented and I can't raise the MTU in my environment.
> 
> Is this the same issue you think?

Not sure, I'd have to look closer into your debugging to determine. It would really help if you could send the tracefile (at least all the packets that do the SSL handshake, I don't need the Application data packets). You may send it privately to me if that makes it possible for you to send it.

Cheers,


Sake