This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLSv1 decode problem with “no decoder available”

0

Wireshark SSL debug log as following:

Wireshark SSL debug log

ssl_association_remove removing TCP 443 - http handle 000000000462E6F0
2665 bytes read
PKCS#12 imported
Bag 0/0: PKCS#8 Encrypted key
Private key imported: KeyID 28:59:c6:a1:a4:4b:97:bf:3e:0e:6f:2a:cb:3a:65:83:...
ssl_load_key: swapping p and q parameters and recomputing u
Bag 1/0: Encrypted
Bag 1/0 decrypted: Certificate
Certificate imported: sut01 <<ERROR>>, KeyID 2859c6a1a44b97bf3e0e6f2acb3a65835727c78e
ssl_init IPv4 addr '192.168.253.1' (192.168.253.1) port '443' filename 'C:\rpcPfxCert.pfx' password(only for p12 file) '123'
ssl_init private key file C:\rpcPfxCert.pfx successfully loaded.
association_add TCP port 443 protocol http handle 000000000462E6F0

dissect_ssl enter frame #1 (first time) ssl_session_init: initializing ptr 000000000615D9E0 size 688 conversation = 000000000615D6B8, ssl_session = 000000000615D9E0 record: offset = 0, reported_length_remaining = 74 dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x10 association_find: TCP port 443 found 000000000868EFF0 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 000000000868EFF0 record: offset = 37, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x10 association_find: TCP port 443 found 000000000868EFF0 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 000000000868EFF0

dissect_ssl enter frame #2 (first time) conversation = 000000000615D6B8, ssl_session = 000000000615D9E0 record: offset = 0, reported_length_remaining = 90 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 32, ssl state 0x10 association_find: TCP port 443 found 000000000868EFF0 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 000000000868EFF0 record: offset = 37, reported_length_remaining = 53 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 48, ssl state 0x10 association_find: TCP port 443 found 000000000868EFF0 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 000000000868EFF0

dissect_ssl enter frame #4 (first time) ssl_session_init: initializing ptr 000000000615E358 size 688 conversation = 000000000615E030, ssl_session = 000000000615E358 record: offset = 0, reported_length_remaining = 261 dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 256, ssl state 0x10 association_find: TCP port 49571 found 0000000000000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 49571 found 0000000000000000 association_find: TCP port 443 found 000000000868EFF0

asked 30 Jun ‘14, 01:15

james%20aichi's gravatar image

james aichi
1111
accept rate: 0%

edited 30 Jun ‘14, 02:02

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

1

Your capture starts immediately with Application Data records. Since the encryption of TLS packets depends on previously agreed parameters, you cannot decrypt these packets without a prior completed handshake. You will not be able to decrypt this capture.

Try getting a new capture, before actually connecting.

answered 30 Jun '14, 02:04

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%