This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Missing RSA session ID

0

Hello, I've come across this a few times at work and am wondering if anyone has a possible explanation. When trying to decrypt traces with Wireshark, decryption works fine, but when exporting the session keys from the file menu, the RSA-Session ID comes up as empty.

asked 10 Dec '13, 09:54

voiper's gravatar image

voiper
1111
accept rate: 0%


One Answer:

1

Not all TLS sessions have a Session ID (i.e. SessionID length is zero). Due to a bug, pre-master secrets with an empty session ID are stored anyway. You can try using key log files instead, either by using it directly on the application you are analyzing or by copying the Random field from the ClientHello and combine it with the pre-master secret.

answered 13 Dec '13, 03:11

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%