This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

As I was experimenting with wireshark and SSL decryption, I ran into a reproducible error.

The SSL server sends back an HTML page and wireshark fails to decrypt:

I get a frame HTTP/1.1 200 OK, inside of which:

Content-encoded entity body (gzip): 77775 bytes [Error: Decompression failed]

I had a similar "Decompression failed" problem before with another server having to do with out-of-order frames, but in this capture everything is in-order.

I was able to reproduce this failure twice by going to
https://www.chase.com
Then scroll down to the bottom and click Site Map.
You will get a properly decrypted main page, but not the "site map" page.

Here is the relevant captures with SSL keys
http://cloudshark.org/captures/0b3b37e94edb

SSL keys:
http://pastebin.com/69V33BE2

Frame 1760 is where the failure happens.

Any suggestions on how to solve the failure?

asked 05 Aug '13, 09:19

dansmith's gravatar image

dansmith
16448
accept rate: 50%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×11

question asked: 05 Aug '13, 09:19

question was seen: 4,497 times

last updated: 05 Aug '13, 09:19

p​o​w​e​r​e​d by O​S​Q​A