On 20 aug 2012, at 21:49, Bas Nedermeijer wrote:
> On Monday 20 August 2012 21:21:42 Sake Blok wrote:
>> On 20 aug 2012, at 21:05, Bas Nedermeijer wrote:
>>> The ssl.debug file (partial) of the Linux version (which fails). Some
>>> filenames have been altered. But the KeyID shows it is the same private
>>> key. [...]
>>> ssl_decrypt_pre_master_secret wrong pre_master_secret length (87, expected
>>> 48) dissect_ssl3_handshake can't decrypt pre master secret
>>
>> Are you sure the configured key matches the certificate in the tracefile?
>> Every time I have encountered the above messages, I was using a key that
>> did not match the certificate
>
> I am pretty sure, the keyid in the logfiles is the same. And the (captured)
> data is captured on the windows machine, and loaded on the linux machine. So
> those are also the same.
>
> The only thing I had to convert was the pfx file, the linux wireshark did not
> want to load it. So I had to extract the private key, and remove the password
> from the key. (I do not give the certificate to wireshark on linux).
Hmm... strange... A while ago someone did have problems with one version of the GnuTLS library, but I'm not sure what the symptoms were in the ssl-debug file. Are you able to upgrade your SSL libraries?
Could you also post the ssl-debug from from the Windows box up till the line "dissect_ssl enter frame #55 (first time)"?
>>> I hope this is enough information. I cannot share the actual captured data
>>> and key. But if needed I think I can reproduce the problem with a
>>> self-signed key (and dummy session).
>>
>> If you do have a matching certificate and key and you still get this
>> message, please reproduce the issue with files that you can share :-)
>
> I'll try to find a IIS machine I can use (need to load a self-signed key).
OK
Cheers,
Sake