I'm trying to decrypt a small TLSv1.2 stream, using Wireshark 1.8.6 Win64 (stock build from wireshark.org). I've configured the server's private key in the preferences. I have prior experience with SSL/TLS and OpenSSL, so I'm reasonably sure all of this is correct.
The SSL debug log shows the "key exchange 0 different from KEX_RSA" message immediately before complaining it can't decrypt the pre-master secret. The only other posting I've seen about this message identified the cause as a non-RSA cypher suite, which makes sense; but this conversation is using RSA. The Server Hello dissection shows "Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)". And indeed the Client Key Exchange dissection says "RSA Encrypted PreMaster Secret".
My next move was going to be to pull the current sources and build for debug (I've done that before), but I figured it was worth asking if anyone had any quick suggestions before I go through the trouble.
Client Key Exchange begins with 10 00 00 82 00 80, followed by the actual encrypted pre-master, if that helps.
asked 20 Apr '13, 20:20