Hi, in our project we use SSL PSK encryption with a 20 byte binary key. I hope we read all available documentation about that but we were not able to decrypt the traffic even when we have the complete traffic and the PSK key. The example works with a 16 byte text password. As said we use a 20 byte binary password. Can anyone help? Thank you. asked 24 Sep '13, 06:20  trolly |
One Answer:
In Wireshark 1.10.2, there is currently a hard-coded limit of 16 bytes for the PSK. A fix was submitted at the wireshark bugtracker (bug 9216), so if you use a development snapshot of SVN revision 52335 or later, it should work. Otherwise you can try to apply the patch on https://gist.github.com/Lekensteyn/6781709 yourself. answered 01 Oct '13, 10:00  Lekensteyn edited 14 Oct '13, 06:24 showing 5 of 10 show 5 more comments |
Thanks. I will see if i can do that.
@trolly The patch has been accepted, if you did not succeed in compiling your own, try a snapshot from https://www.wireshark.org/download/automated/
Thanks. We tried but it did not work. It will simply not output the decrypted data. Do you have an example with a 20 byte?
@trolly, you can find an example capture in the bug report. Be sure to add leading zeroes as needed (if your last octet is lower than 16 (0x0f and below)
Hi, what should I see in the example when the decryption works? Looks strange here.
You should see HTTP traffic.
Sorry for the long delay. We built wireshark with the suggested patch but it did not work, even with the provided sample. Is this bug already integrated? Are there some limitations for the key?
Confused ...
@trolly Ensure that the key is the hexadecimal representation of the binary key (with an even length, so prepend a zero if the length is odd).
Hi, in which wireshark release is this bug fixed? 1.10.x? Or will it be fixed in 1.11.x?
This bug is already fixed in 1.11.x, it will probably not be fixed in 1.10.x.