This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Trying to decode a TLS packet capture and it isn't working. Can someone point me to what is going wrong. First part of ssl debug file is below.

Wireshark SSL debug log

ssl_association_remove removing TCP 443 - http handle 0000000004650E80
Private key imported: KeyID 9e:a7:11:d1:92:19:ab:42:ba:4b:e0:44:aa:a2:f3:5c:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '10.1.16.129' (10.1.16.129) port '443' filename 'C:\SoftwareLib\Putty\serverprivkey.pem' password(only for p12 file) ''
ssl_init private key file C:\SoftwareLib\Putty\serverprivkey.pem successfully loaded.
association_add TCP port 443 protocol http handle 0000000004650E80

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 00000000081C0720 size 712
association_find: TCP port 38423 found 0000000000000000
packet_from_server: is from server - FALSE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 216
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 211, ssl state 0x00
association_find: TCP port 38423 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 207 bytes, remaining 216 
packet_from_server: is from server - FALSE
ssl_find_private_key server 10.1.16.129:443
ssl_find_private_key: testing 1 keys
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #6 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 86
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 81, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86 
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
trying to use SSL keylog in 
failed to open SSL keylog
  cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello found CIPHER 0x0004 -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER

dissect_ssl enter frame #8 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 37
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 32, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 203 offset 5 length 8445086 bytes, remaining 37

dissect_ssl enter frame #12 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 43
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 6, reported_length_remaining = 37
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 32, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 76 offset 11 length 4320174 bytes, remaining 43

dissect_ssl enter frame #13 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 255
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 250, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 38423 found 0000000000000000
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 648
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 643, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 38423 found 0000000000000000
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #16 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1263
  need_desegmentation: offset = 0, reported_length_remaining = 1263

dissect_ssl enter frame #25 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #25 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1083
  need_desegmentation: offset = 0, reported_length_remaining = 1083

dissect_ssl enter frame #37 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #38 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1263
  need_desegmentation: offset = 0, reported_length_remaining = 1263

dissect_ssl enter frame #49 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #49 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1083
  need_desegmentation: offset = 0, reported_length_remaining = 1083

dissect_ssl enter frame #61 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #61 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 903
  need_desegmentation: offset = 0, reported_length_remaining = 903

dissect_ssl enter frame #73 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #73 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 723
  need_desegmentation: offset = 0, reported_length_remaining = 723

dissect_ssl enter frame #80 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #85 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1263
  need_desegmentation: offset = 0, reported_length_remaining = 1263

dissect_ssl enter frame #92 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #92 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 1083
  need_desegmentation: offset = 0, reported_length_remaining = 1083

dissect_ssl enter frame #107 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 9021
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 9016, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0000000004C7B210

dissect_ssl enter frame #107 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000005731058, ssl_session = 00000000081C0720
  record: offset = 0, reported_length_remaining = 903
  need_desegmentation: offset = 0, reported_length_remaining = 903

asked 30 May '15, 15:13

EASGCS's gravatar image

EASGCS
6112
accept rate: 0%

edited 31 May '15, 01:53

grahamb's gravatar image

grahamb ♦
19.8k330206


ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)

That line is an indicator that you have loaded the wrong private key for the TLS session. Please double check that.

Regards
Kurt

permanent link

answered 01 Jun '15, 03:32

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×56

question asked: 30 May '15, 15:13

question was seen: 2,531 times

last updated: 01 Jun '15, 03:32

p​o​w​e​r​e​d by O​S​Q​A