Wireshark-users: Re: [Wireshark-users] SSL Decoding fails on Linux, works on Windows 7 64-bit

From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 22 Aug 2012 07:33:25 +0200
On 20 aug 2012, at 22:32, Bas Nedermeijer wrote:
> 
> Yes, I have upgraded to GnuTLS 2.12.20, and upgraded libgcrypt to 1.5.0 (and 
> tried some combinations). But the result was the same.
> 
> The ssl-debug logging (from windows) is in my orginal mail, below the log-file 
> of the linux machine and it contains the line you requested.

OK, I missed that :-)

Since the decryption result is different between the two, either they use a different key or one of the decryption functions is broken. Have you tried to use the pem-formatted key from the Linux box on the Windows box? If it works there, your SSL libraries on the Linux box are somehow broken. If it gives the same decrypted PreMaster secret output as on the Linux box, then something went wrong in the key conversion.

You can also double check whether the certificate and key match by exporting the certificate and do the following :

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
   openssl rsa -noout -modulus -in server.key | openssl md5) | uniq
It should give you one line of output.

(you can export the certificate from the tracefie by selecting the servercertificate in the Certificate handshake message and then right-click and select "Export selected packet bytes))

Cheers,
Sake