Wireshark-users: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 28 Apr 2015 13:04:37 +0200
On 27 apr 2015, at 14:46, Ralf G. R. Bergs wrote:

I enabled the SSL debug logging, and I noticed the following: For the trace that can't be decrypted I see the following:
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_decrypt_pre_master_secret: session uses DH (17) key exchange, which is impossible to decrypt
while for the snoop that can be decrypted I see the following:
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
pre master encrypted[256]:
and then a key in hex follows.

I can see from the snoop that the SSL/TLS dialog takes place. I see client hello, server hello, certificate, server key exchange, server hello, client key exchange, change cipher spec, encrypted handshake message, change cipher spec, encrypted handshake message, multiple application data packets back and forth, encrypted alerts twice.

So it seems client and server /can/ talk.

Yes, the endpoints can communicate...

Conclusion: Wireshark seems to somehow be able to use the RSA key to decrypt the SSL/TLS traffic.

... but Wireshark is only able to decrypt traffic when a RSA key exchange has been used. In a RSA key exchange, there is no ServerKeyExchange handshake message (used for the Diffie Hellman [DH] key exchange). As the client uses the public key in the Certificate to encrypt the PreMaster data (from which both the client and the server extract the session keys used for encrypting the application data).

In short, in a DH key exchange, wireshark can not decrypt the ClientKeyExchange and therefor can not extract the session keys used for encrypting the data stream.

You can make sure decryption works in three ways:

- Limit the cipher suites on the client, so that it only advertises non-DH ciphersuites
- Limit the cipher suites on the server, so that it only chooses non-DH ciphersuites (from the ciphersuites advertised by the client)
- Make the client or the server log the PreMaster data and point Wireshark to the key log file in the "(Pre-)MasterSecret logfile" SSL protocol preference.

Hope this helps,
Cheers,
Sake