This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t decrypt TLS

0

I've added the server's private key to the RSA keys list, confirmed the connection is over TLSv1.0 with a DES-CBC3-SHA cipher, and made sure to capture the entire handshake including ClientHello, but Wireshark still can't decrypt the connection. What am I doing wrong?

I've got the debug console open, but it remains blank the whole time - would that have useful info? Since the server is just for testing, I can provide the private key and URL if it would help.

Edit: The server's at https://etscene.net:8888, and the private key is:

-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA2DZTPF++TUQDBs5eZTswGizop0VB20e2rQN/FaAILXlzXkF1
8VXm2vt5Pv4LX063ojCNa/QwGNM0UbjSqy2PJaKPpSx79e3r6kGkt09JRgZSTsda
wKCnArgx3eOqyviRB26+qXCqmQ7S7C/PYH+Fr4oKLpYDvcibNkbDXTifGilUVKVD
zv/c1Yd/vvl2957uUprNTek2YGPLULBnfjlHfVmqG36GtwRFsB7mgNSbuQ+8bLM1
Tj4cMIJv08oAT4bbspYME1gwOCis669orrA+NLEWqpPloI2F0VtkTJdDGMqjtChf
DmYBebavm+ekeiWFLHvIaws6z/rrm8fkqTAk9MO2epWLhds/yjk7798p9uzbLRfk
vQyBkmjnN5OVXqyf6jSlQPRBV6InOf9N9x9B9aNEPNEn+zevRjYckmBsczzvKBqA
lg2OhM+n5++OPaniqTxnnzfDWx7g3C2WHH7WrJnYaoskqOFhFPypqrFYhCtdFyat
ceHZ38Jgn8627+HUee3lXFNNma/bLguBiKpTizs3FcnYMvRXqtriXZovJXGeGRpU
FesTVXbhg9X5s0gcuYdmWsavla1ntp09BIb/VSM9VUqNfgKNOICrLmpUxG1ZBu/F
uIx+TD+NatggYzvnvE1jMQZQrZ+Gm9sBtWGqcKaSH3eARae9VgBhEmDuCP0CAwEA
AQKCAgEAuMZ0i/wm3lFpZL+o3Eqg6T3H9muxxHydGW8LhKenVXWdqse2y/Dlwe93
xuXFQkY7mVh1A/VDxXN6Gv0gzTm6RCeRK0/BAIO8Qg6nfiE8NaPhY4HrhQPGtwRD
WaXfqGaVSwzR1Gx83yFUEJUrXQSec049NWLu/5oZS2FeRKTHE8yOTWiPcrAnQjTy
b3syuJwSgHXbTuInnmiqsOKRD8ZT2kRuo+CVsILuK3288AzCqH1SQnNE8wERhkNy
3kSbz1spFo4087NCQjxAy4q0o9Xq040kGdMbQwKvgiPgq7P5m45SKPz3f46dZC9E
FLD6V4kJLuL6fMC0GloOUKucNxr1+MXC1T96v1QHbTSqa/PUcE7xpwnXmT9mj23z
joT5oqNAeNmT201clw/nYYWTnKYELyPDtPURWXXCeHa7zr35grUisXv4G3V4+uxH
NeqztnhzQcUYAc+TYjhT4EOpXUirh8l695lWEnS2e2tt72O7HK1ftL3ciypsgiYX
0ZtKL6M93rJFo8eiY/fUL4+PT6frzn24j0rWX/LQNSzvarXa+gYwG8I78pQ7uV3I
bO27wWBJuYJcMYU5wKHBHAz8CPn9HtWZqQQC+H7QI9KExUb9bg7TNJdPQNQ77Ld3
R8A1MPpxtaNWWy/YOvpE02RihAyUdlbse51313XH/iYK97nk7+ECggEBAO4BGheo
ffUNiBDxZioYe3tOD7H1+r9L1GFbCc/EjeYibezGJmrQbopPhHtyCb4+rtO1F6Ks
dX2p7rPBdwySgAuiM8JEBer7RnvySwWSdV5Q5ZNm2RKzgMe2BST9LTExIY8qp9dT
dL+Mnk0GfCi9XUXEBa6p/WN4iIm/3kHGT4DysCwxMG+RDB1GPgdFVd9pQjiXHz5k
wGqz0HT5YKXHr9kkyv1pGiQZ5yWGjli4mOtAOmiRKFT2+BizSTXTJg6ewNywY4yh
7Je9gwpt7rNvOl/jEFetfKsXt3gTgwwIMho07Wo4UdEm21zA/9l9/JzBQbn3GVeF
m2HW4dfjl0LmbDcCggEBAOiPaE5shnXe4cAK6O8GILUUff14H8T3EruV/qDuSice
1Vi+WsczrbBnaF/RYtJ5U0ez5BcWfyYXtMi57zh2Tc9Qp2pduy8+TGGFjg8zUjQy
GNI92DXbz5wRGDu1ooqipv3w7YBzy9UldQgoc+RgNJIGLBBE8MAXWKwFm2XVVa95
YfsqgjLDtBpsrlOWxseSYyXqY5HS+2+kCTdEZ72Qvj9Q0UPmGSOasui7MFUss/7V
3q+ShOT/2zcpFWXXP3PsxTBQ6K8hFJJyO8tAwpqxFIvBM23FHkhQFq71ZKL4s/eZ
NiCUl2+6D+ZoFW/Oyknc/k/xaxNGXwfZkIGGFYz8omsCggEAOoUG115UahaDqDbS
ufL/GZhd/5HNr4+DjtSFmxJnGXjJsngeJhFNvLBEkN2/S4m6Ds/uGc9xrA5GZOhi
zzKOTU36j/+NvPM/p2Yx0BLszN3zNMULBrAgL/qvVSLzI69C4yLH1gftItP+cE3x
5Up6TpceFo4xgW23lLcafO23yqrhalxF3oi5g9ErmzoPHTmSULvHsN2w+gtwa/KN
MvXgZPHI/3oCNXIxBWcKRQJOhzlpoyBd3FZFNj2O+K8MIngiT6EHOSLvO3gbaksR
cAkfP0hjUkuT5bWVJO8XP7QcLZlp7r4eT+DP+wRxZBa4MArMkF8TWhO92tas/Ro2
rPpfDQKCAQEAqrEHV/hjwIP0oiXfzgBrZT1DNBVFDCZkg3aWS7xahNgms1oT+v29
UCq1+w4OQHl4XLp2gVOrw2PG90UxhfmfJrkGCBX/268YFMQX/qQmg9T5TubBmNZb
TStm4/xu7t5vPxfk2lEjnLA/c9ttJIRQUZViJhbTtcns9WWwJ1Ar8f1foyASK/xk
Zri6QvP5tmWFjEC7ED8Q+WImuX/lvMdOO96vmex7KxzSj+tEkF+dRT/okGk0TXhV
h+kJoZQZKJbyLIJWJqRbGxnpNUe1DiFG+US24Ky7i0vtOkE2uj9cqDC1/7fQZtrj
7LMceNIIu6oOptKFSsJt4a8YV1j43GBZPQKCAQBrozcpXPZyRYSowJ+UIQQ6g3Gi
QPkwVVv3VZFX2vwREv1nTxjhVRzgQGRiN/GrRs+2Q8VOS1wN7KGPqvFm0ET8k08+
U4dQYeeb1qheYykuPKWcLN+5Ab7B4XSdw5hwNsg/XmY5HSyPIRiUEiyrlXUwkS25
/ZDP5hxw0EKmgNLUzEEchZPhWCfM5VUDQTGTyDUeD9BwVkfO4Q7wHLb4NJYm5HTH
TAj0YB/FxRy5JzpdzOnDZGJfujTWGPGjb9dd4ELM12nToq36fGBM25qIAkYhcOBm
Ix2SKTsk7MXPTyCl94QiqUE1SipOCGHyOghhdtz37ReyMTlpz9ZIqVPTtrVc
-----END RSA PRIVATE KEY-----

asked 06 Jun '12, 10:40

Alek%20Storm's gravatar image

Alek Storm
6114
accept rate: 0%

edited 06 Jun '12, 11:32


2 Answers:

1

Are you using an early version of 1.6? There were two bugs (Bug 6032 and Bug 6033) that made decryption a little more tricky...

If so, please upgrade to the latest 1.6.x version... If not, can you show us your SSL-debug file?

answered 06 Jun '12, 15:02

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Not sure if upgrading to 1.6.8 is what fixed it, but I also had to change the "Protocol" field in the RSA keys list to "data", since I'm decrypting SPDY. Thanks!

(06 Jun '12, 16:56) Alek Storm

1

Works for me, what does your ssl debug log show? That's set in the SSL preferences for Wireshark.

You say you added the key to the RSA Keys list, what info did you set there? I have:

66.228.59.249 8888 http path/to/your/keyfile

answered 06 Jun '12, 12:52

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%