This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm trying to decrypt a small TLSv1.2 stream, using Wireshark 1.8.6 Win64 (stock build from wireshark.org). I've configured the server's private key in the preferences. I have prior experience with SSL/TLS and OpenSSL, so I'm reasonably sure all of this is correct.

The SSL debug log shows the "key exchange 0 different from KEX_RSA" message immediately before complaining it can't decrypt the pre-master secret. The only other posting I've seen about this message identified the cause as a non-RSA cypher suite, which makes sense; but this conversation is using RSA. The Server Hello dissection shows "Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)". And indeed the Client Key Exchange dissection says "RSA Encrypted PreMaster Secret".

My next move was going to be to pull the current sources and build for debug (I've done that before), but I figured it was worth asking if anyone had any quick suggestions before I go through the trouble.

Client Key Exchange begins with 10 00 00 82 00 80, followed by the actual encrypted pre-master, if that helps.

asked 20 Apr '13, 20:20

mwojcik's gravatar image

mwojcik
11112
accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×1

question asked: 20 Apr '13, 20:20

question was seen: 1,405 times

last updated: 20 Apr '13, 20:20

p​o​w​e​r​e​d by O​S​Q​A