On 10 sep 2012, at 22:02, Grant Edwards wrote:
> I've been trying (and failing) to decrypt an SSL session using my
> server and key. So, I backed up a step and downloaded the
> snakeoil2_070531.tgz sample file from the wiki:
>
> http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
>
> I can't get that to decrypt either
[...]
> Below is the ssl debug log that gets created when I run
>
> $ wireshark rsasnakeoil2.cap
>
> One line that looks suspicious is where it says
>
> ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)
>
> Any ideas on what's wrong?
Usually that means that you are using a private key that does not match the certificate. But it is the 3rd time I have heard of problems (on Linux) with decrypting the traffic with a key that is indeed matching the certificate. It might be the version of your SSL libraries that has a bug. Or Wireshark has a bug in the Linux version. Could you file a bug report on https://bugs.wireshark.org?
Cheers,
Sake
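
The check behind the "private key that does not match the certificate" diagnosis above, as an added example that is not part of the original message: it compares the RSA modulus of a PEM key with that of a PEM certificate using the openssl command line. The file names, the CN and the key material are constructed for the demo and are not the files from the sample capture.

```shell
#!/bin/sh
# Added example: confirm that an RSA private key belongs to a certificate
# before configuring it for SSL decryption in Wireshark.
# All file names and key material below are constructed for illustration.

# Print the RSA modulus of a PEM certificate.
cert_modulus() {
    openssl x509 -in "$1" -noout -modulus 2>/dev/null
}

# Print the RSA modulus of a PEM private key.
key_modulus() {
    openssl rsa -in "$1" -noout -modulus 2>/dev/null
}

# Return 0 if key $1 matches certificate $2, 1 if it does not,
# 2 if either file cannot be read or parsed.
rsa_key_matches_cert() {
    k=$(key_modulus "$1") || return 2
    c=$(cert_modulus "$2") || return 2
    [ -n "$k" ] && [ -n "$c" ] || return 2
    [ "$k" = "$c" ]
}

# Build constructed sample files in directory $1:
# a key, its self-signed certificate, and an unrelated key.
make_sample() {
    dir=$1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$dir/server.key" \
        -subj "/CN=constructed.example" -days 1 \
        -out "$dir/server.crt" 2>/dev/null
}

# Run the check against both keys and report the outcome.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp" || { rm -rf "$tmp"; return 1; }
    for key in server.key other.key; do
        if rsa_key_matches_cert "$tmp/$key" "$tmp/server.crt"; then
            echo "$key: matches server.crt"
        else
            echo "$key: does NOT match server.crt"
        fi
    done
    rm -rf "$tmp"
}

demo
```

If the two moduli are identical and decryption still fails, the key/certificate mismatch explanation is ruled out, which is the situation the reply describes.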