This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I've come across this a few times at work and am wondering if anyone has a possible explanation. When trying to decrypt traces with Wireshark, decryption works fine, but when exporting the session keys from the file menu, the RSA-Session ID comes up as empty.

asked 10 Dec '13, 09:54

voiper's gravatar image

voiper
1111
accept rate: 0%


Not all TLS sessions have a Session ID (i.e. SessionID length is zero). Due to a bug, pre-master secrets with an empty session ID are stored anyway. You can try using key log files instead, either by using it directly on the application you are analyzing or by copying the Random field from the ClientHello and combine it with the pre-master secret.

permanent link

answered 13 Dec '13, 03:11

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×11
×4
×1

question asked: 10 Dec '13, 09:54

question was seen: 1,852 times

last updated: 13 Dec '13, 03:11

p​o​w​e​r​e​d by O​S​Q​A