This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi Everyone,

Here is my issue:

I am able to decrypt TLS packet through Wireshark but somehow I am not able to do it with all the packets that are supposed to. So I am getting this error for those packets:

ssl_generate_pre_master_secret: not enough data to generate key (required state 17)

Here is the whole frame:

dissect_ssl enter frame #19 (first time)
packet_from_server: is from server - FALSE
  conversation = 055C1208, ssl_session = 07161490
  record: offset = 0, reported_length_remaining = 358
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 11
ssl_generate_pre_master_secret: not enough data to generate key (required state 17)
dissect_ssl3_handshake can't generate pre master secret
  record: offset = 267, reported_length_remaining = 91
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 80, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 41 offset 278 length 15319293 bytes, remaining 358

I also tried to look for the meaning of the "state 17" but I couldn't find it :S

I appreciate any help, thanks.

asked 24 Apr '15, 07:03

felipe's gravatar image

felipe
11114
accept rate: 0%


Asked and answered multiple times, eg. https://ask.wireshark.org/questions/17630

permanent link

answered 24 Apr '15, 07:42

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

How is this question the same? These logs say it is in state 11 but required 17 and make no mention of DH. Those logs fail in state 0x17 but require 0x37 or 0x57. It also does not say what state 17 actually is like the OP was asking.

(12 Jun '16, 15:30) Steiny

I agree that this question doesn't appear to be about using a DH cipher. I suspect that the capture doesn't include all the required frames that setup a TLS session, because of the state value.

The "state" is a set of bitflags that indicate what elements of a TLS session have been seen, the current list of bitflags from the source code is:

#define SSL_CLIENT_RANDOM       (1<<0)
#define SSL_SERVER_RANDOM       (1<<1)
#define SSL_CIPHER              (1<<2)
#define SSL_HAVE_SESSION_KEY    (1<<3)
#define SSL_VERSION             (1<<4)
#define SSL_MASTER_SECRET       (1<<5)
#define SSL_PRE_MASTER_SECRET   (1<<6)
#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
#define SSL_SERVER_HELLO_DONE   (1<<9)
#define SSL_NEW_SESSION_TICKET  (1<<10)

This a state value of 11 shows that bits 0 and 4 have been set, i.e. SSL_CLIENT_RANDOM and SSL_VERSION have been located, and state 17 has the additional flags SSL_SERVER_RANDOM and SSL_CIPHER.

permanent link

answered 15 Jun '16, 14:07

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×193
×21

question asked: 24 Apr '15, 07:03

question was seen: 2,350 times

last updated: 15 Jun '16, 14:07

p​o​w​e​r​e​d by O​S​Q​A