I am running Wireshark on CentOS. I need to decode SSL traffic. I have the server's key. I set the IP address, port, protocol, key in edit>preferences>protocols>SSL>key info. For the key, I use the PEM key exported from the application. Then I start my web browser & application. I go through a transaction, stop the Wireshark capture and look at the frames.
I see the frames captured. When I click on "Follow SSL Stream", nothing is displayed in the dialog window. When I click on "Follow TCP Stream" (on the same frame), I see at the beginning of the conversation my certificate, from which I extracted the key (with openssl), being exchanged.
Getting no display on "Follow SSL Stream" indicates to me some key issue. When I look at the "Wireshark SSL Debug Log", I see the below, which I do not completely understand. The first "paragraph" indicates a successful PEM key load, but then it encounters problems with the key.
Is there any hint of what is going wrong in the log that I am missing? I am as sure as humanly possible that I have the right key... What is meant by "try it again with universal address 0.0.0.0"? What could the reason be for "ssl_find_private_key cannot find private key for this server"?
Thanks.
**Wireshark SSL debug log**
ssl_association_remove removing TCP 9031 - http handle 0x2dc1770
Private key imported: KeyID 06:74:d4:cb:70:e5:f9:3a:78:b4:2b:6d:87:f7:71:7f:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '9031' filename '/home/cemil/keytests/14966CD11F8.pem' password(only for p12 file) ''
ssl_init private key file /home/cemil/keytests/14966CD11F8.pem successfully loaded.
association_add TCP port 9031 protocol http handle 0x2dc1770
dissect_ssl enter frame #10 (first time)
ssl_session_init: initializing ptr 0x7fc8c36468a8 size 688
conversation = 0x7fc8c3645718, ssl_session = 0x7fc8c36468a8
record: offset = 0, reported_length_remaining = 233
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 228, ssl state 0x00
association_find: TCP port 42803 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 224 bytes, remaining 233
packet_from_server: is from server - FALSE
ssl_find_private_key server ::1:9031
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #12 (first time)
ssl_session_init: initializing ptr 0x7fc8c3646e18 size 688
conversation = 0x7fc8c3645cd8, ssl_session = 0x7fc8c3646e18
record: offset = 0, reported_length_remaining = 233
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 228, ssl state 0x00
association_find: TCP port 42804 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 224 bytes, remaining 233
packet_from_server: is from server - FALSE
ssl_find_private_key server ::1:9031
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #14 (first time)
ssl_session_init: initializing ptr 0x7fc8c3647388 size 688
conversation = 0x7fc8c3646298, ssl_session = 0x7fc8c3647388
record: offset = 0, reported_length_remaining = 233
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 228, ssl state 0x00
association_find: TCP port 42805 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 224 bytes, remaining 233
packet_from_server: is from server - FALSE
ssl_find_private_key server ::1:9031
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
asked 31 Oct ‘14, 12:26
CemilB
edited 02 Nov ‘14, 09:49
Kurt Knochner ♦
Thanks, Kurt. I just untarred and tried the files you sent, and I could decode fine. At least this tells me that my install is OK. Does this lead you to any other conclusion that would help? Do you have any further suggestion? Best, Cemil
As I said. Without additional information I can only offer wild guesses, which I'm not going to do ;-)
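The debug log in the question records both the address a key was registered for (`ssl_init`) and the address each lookup used (`ssl_find_private_key server`). As an added example (not part of the original thread, and not Wireshark code), this Python script pulls both out of such a log and lists the lookups that have no matching key entry; treating port 0 and 0.0.0.0 as wildcards is an assumption taken from the log's own wording, and the function names are made up for illustration.

```python
import ipaddress
import re

# Lines copied from the debug log in the question above.
SAMPLE_LOG = """\
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '9031' filename '/home/cemil/keytests/14966CD11F8.pem' password(only for p12 file) ''
ssl_init private key file /home/cemil/keytests/14966CD11F8.pem successfully loaded.
ssl_find_private_key server ::1:9031
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key server ::1:9031
"""

INIT_RE = re.compile(r"^ssl_init \S+ addr '([^']+)' .*? port '(\d+)' filename '([^']*)'")
# Greedy (\S+) leaves only the last ":<digits>" for the port, so "::1:9031" splits correctly.
FIND_RE = re.compile(r"^ssl_find_private_key server (\S+):(\d+)$")

def parse_log(text):
    """Return (configured key entries, distinct server lookups) found in the log."""
    configured, lookups = [], []
    for line in text.splitlines():
        if m := INIT_RE.match(line):
            configured.append((ipaddress.ip_address(m[1]), int(m[2]), m[3]))
        elif m := FIND_RE.match(line):
            item = (ipaddress.ip_address(m[1]), int(m[2]))
            if item not in lookups:          # the log repeats per connection
                lookups.append(item)
    return configured, lookups

def entry_matches(cfg_addr, cfg_port, addr, port):
    # Assumption from the log's wording: 0.0.0.0 and port 0 act as wildcards.
    return (cfg_addr == addr or str(cfg_addr) == "0.0.0.0") and cfg_port in (port, 0)

def diagnose(text):
    """List (server address, port, reason) for lookups no configured key covers."""
    configured, lookups = parse_log(text)
    findings = []
    for addr, port in lookups:
        if any(entry_matches(a, p, addr, port) for a, p, _ in configured):
            continue
        same_port = [a for a, p, _ in configured if p in (port, 0)]
        if any(a.version != addr.version for a in same_port):
            reason = "address-family mismatch"
        else:
            reason = "address mismatch" if same_port else "no key for port"
        findings.append((str(addr), port, reason))
    return findings

if __name__ == "__main__":
    for addr, port, reason in diagnose(SAMPLE_LOG):
        print(f"no key entry covers {addr} port {port}: {reason}")
```

On the lines from the question it reports that the key entry is for 127.0.0.1 while the lookups are for ::1 on the same port.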