This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I'm implementing mutual authentication for a particular virtual host on my sever. Once I received the client SHA256 signed cert I got below alert.

Level: fatal, description: Decrypt error

frame 16: server received client cert

frame 17: server sent decrypt error

According to http://tools.ietf.org/html/rfc5246

decrypt_error means

  A handshake cryptographic operation failed, including being unable
  to correctly verify a signature or validate a Finished message.
  This message is always fatal.

I guess in my case the server is not able to verify signature. can you let me know what might be the reasons for server not able to verify cert signature? I have the necessary root and int. certs. Do you think it has something to do with SHA256? Other client certs for which I see successful handshakes are sha1.

wireshark debug logs:

dissect_ssl enter frame #16 (first time) conversation = 0000000006D169A8, ssl_session = 0000000006D16FE8 record: offset = 0, reported_length_remaining = 3894 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 3889, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 11 offset 5 length 3885 bytes, remaining 3894

dissect_ssl enter frame #16 (first time) conversation = 0000000006D169A8, ssl_session = 0000000006D16FE8 record: offset = 0, reported_length_remaining = 186 need_desegmentation: offset = 0, reported_length_remaining = 186

dissect_ssl enter frame #17 (first time) conversation = 0000000006D169A8, ssl_session = 0000000006D16FE8 record: offset = 0, reported_length_remaining = 7 dissect_ssl3_record: content_type 21 Alert decrypt_ssl3_record: app_data len 2, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available

Thanks in advance.

asked 28 Oct '14, 17:39

gopi1828's gravatar image

gopi1828
11113
accept rate: 0%

Is your question why the server is unable to handle the request or why Wireshark is (possibly) unable to decrypt the session?

(29 Oct '14, 05:32) Kurt Knochner ♦

My question is why the server unable to handle the request

(29 Oct '14, 08:41) gopi1828

O.K. that's impossible to tell without looking at the logs of the server or without decrypting the session. Are you able to decrypt the session in Wireshark?

(29 Oct '14, 12:19) Kurt Knochner ♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×193
×62
×21
×10

question asked: 28 Oct '14, 17:39

question was seen: 6,702 times

last updated: 29 Oct '14, 12:19

p​o​w​e​r​e​d by O​S​Q​A