Wireshark-users: Re: [Wireshark-users] Can't decrypt "snakeoil2" sample SSL session from wiki

From: Sake Blok <sake@xxxxxxxxxx>
Date: Mon, 10 Sep 2012 22:59:21 +0200

On 10 sep 2012, at 22:45, Gerald Combs wrote:

> On 9/10/12 1:32 PM, Sake Blok wrote:
>> Usually that means that you are using a private key that does not match the certificate. But it is the 3rd time I hear problems (on Linux) with decrypting the traffic with a key that is indeed matching the certificate. It might be the version of your SSL libraries that has a bug. Or Wireshark has a bug in the Linux version. Could you file a bug report on https://bugs.wireshark.org?
> 
> For what it's worth the Buildbot tests decryption of rsasnakeoil2.cap
> via test/suite-decryption.sh. We currently run tests on Windows XP,
> Windows 7, Ubuntu 12.04 and Solaris 10.

The latest test being done had the following version info:

TShark 1.9.0-SVN-44852 (SVN Rev 44852 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.7.5, without
Lua, without Python, with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos,
with GeoIP.

Running on Linux 3.2.0-29-generic, with locale en_US.UTF-8, with libpcap version
1.1.1, with libz 1.2.3.4.

Built using gcc 4.6.3.

And it decrypted OK.

Your version info:

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.29.4, with
GLib 2.30.3, with libpcap, with libz 1.2.5.1, with POSIX capabilities (Linux),
without SMI, without c-ares, without ADNS, without Lua, without Python, with
GnuTLS 2.12.18, with Gcrypt 1.5.0, without Kerberos, without GeoIP, without
PortAudio, with AirPcap.

Running on Linux 3.2.12-gentoogbe, without locale, with libpcap version 1.1.1,
with libz 1.2.5.1, GnuTLS 2.12.18, Gcrypt 1.5.0, without AirPcap.

Built using gcc 4.5.3.


You might want to try GnuTLS 2.12.14? Or it could be a 64-bit problem in one of the libraries. Maybe someone with a 64-bit Ubuntu can check? I lack the time at the moment :-(

Cheers,
Sake