ssl_association_remove removing TCP 8443 - http handle 0000000003DC0F70
Private key imported: KeyID ea:a4:54:89:95:d5:9e:3b:41:fa:21:22:0c:e3:12:14:...
ssl_init IPv4 addr '10.10.1.58' (10.10.1.58) port '8443' filename 'C:\applications\keys\foo2.pkf' password(only for p12 file) ''
ssl_init private key file C:\applications\keys\foo2.pkf successfully loaded.
association_add TCP port 8443 protocol http handle 0000000003DC0F70
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 0000000005891D30 size 680
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 165
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 160, ssl state 0x00
association_find: TCP port 52160 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 156 bytes, remaining 165
packet_from_server: is from server - FALSE
ssl_find_private_key server 10.10.1.58:8443
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #5 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 1320
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 1315, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 1320
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello can't find cipher suite 0xC011
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 895 bytes, remaining 1320
dissect_ssl3_handshake iteration 0 type 12 offset 985 length 327 bytes, remaining 1320
dissect_ssl3_handshake iteration 0 type 14 offset 1316 length 0 bytes, remaining 1320
dissect_ssl enter frame #6 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 122
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 70, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 66 bytes, remaining 75
dissect_ssl3_handshake wrong encrypted length (16644 max 66)
record: offset = 75, reported_length_remaining = 47
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 81, reported_length_remaining = 41
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 36, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 25 offset 86 length 12940900 bytes, remaining 122
dissect_ssl enter frame #7 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl enter frame #8 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 41
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 36, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 55 offset 5 length 4474236 bytes, remaining 41
dissect_ssl enter frame #10 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 328
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 323, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 52160 found 0000000000000000
association_find: TCP port 8443 found 0000000004C71780
dissect_ssl enter frame #11 (first time)
conversation = 0000000005891880, ssl_session = 0000000005891D30
record: offset = 0, reported_length_remaining = 618
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 613, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 8443 found 0000000004C71780
dissect_ssl enter frame #4 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 165
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 156 bytes, remaining 165
dissect_ssl enter frame #5 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1320
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 1320
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 895 bytes, remaining 1320
dissect_ssl3_handshake iteration 0 type 12 offset 985 length 327 bytes, remaining 1320
dissect_ssl3_handshake iteration 0 type 14 offset 1316 length 0 bytes, remaining 1320
dissect_ssl enter frame #6 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 122
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 66 bytes, remaining 75
record: offset = 75, reported_length_remaining = 47
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
record: offset = 81, reported_length_remaining = 41
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 25 offset 86 length 12940900 bytes, remaining 122
dissect_ssl enter frame #7 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
dissect_ssl enter frame #8 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 41
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 55 offset 5 length 4474236 bytes, remaining 41
dissect_ssl enter frame #10 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 328
dissect_ssl3_record: content_type 23
association_find: TCP port 52160 found 0000000000000000
association_find: TCP port 8443 found 0000000004C71780
dissect_ssl enter frame #11 (already visited)
conversation = 0000000005891880, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 618
dissect_ssl3_record: content_type 23
association_find: TCP port 8443 found 0000000004C71780
Excellent! I configured firefox to not use any DH cipher suites, and it all sprang into life :) It is now using: Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)