This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using Version 1.12.5 (v1.12.5-0-g5819e5b from master-1.12), I can't get SSL traffic to decrypt for a particular server, debug log shows:

ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)

Reading the other threads, I see this is commonly a mismatched private key. But, I have verified the private key does indeed match the cert by doing the modulus compare with the cert from capture itself and also writing some java code to do an asym encrypt/decrypt. I see the Client hello with session id = 0 and a non-DH cipher of TLS_RSA_WITH_RC4_128_MD5. I am also able to decrypt the snakeoil example as well as a capture from my local system to a dev server (of course the one I REALLY need to see won't decrypt...)

This connection does use a client cert, but that wasn't an issue with my local capture which also used it.

Here's a snippit of my ssl-debug.log

ssl_association_remove removing TCP 30111 - http handle 0000000005962170
Private key imported: KeyID 36:32:78:72:cd:1f:6d:58:65:90:be:27:a8:af:ae:33:...
ssl_init IPv4 addr '151.22.34.18' (151.22.34.18) port '30111' filename 'C:\temp\test.key' password(only for p12 file) ''
ssl_init private key file C:\temp\test.key successfully loaded.
association_add TCP port 30111 protocol http handle 0000000005962170

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 0000000009940720 size 712
association_find: TCP port 46845 found 0000000000000000
packet_from_server: is from server - FALSE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 112
packet_from_server: is from server - FALSE
ssl_find_private_key server 151.22.34.18:30111
ssl_find_private_key: testing 1 keys
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #5 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 1448
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 74, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79 
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x0004 -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
  record: offset = 79, reported_length_remaining = 1369
  need_desegmentation: offset = 79, reported_length_remaining = 1369

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 3759
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 3754, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 3750 bytes, remaining 3759

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 22
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 8, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 13 offset 5 length 4 bytes, remaining 13 
  record: offset = 13, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 18 length 0 bytes, remaining 22

dissect_ssl enter frame #11 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 1448
  need_desegmentation: offset = 0, reported_length_remaining = 1448

dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 4081
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4076, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 3810 bytes, remaining 4081 
dissect_ssl3_handshake iteration 0 type 16 offset 3819 length 258 bytes, remaining 4081 
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
pre master encrypted[256]:
| 17 3f 7f eb d4 9c 4b a1 3b 63 a7 68 2b 72 d4 72 |.?....K.;c.h+r.r|
ssl_decrypt_pre_master_secret:RSA_private_decrypt
<snip>
decrypted_unstrip_pre_master[256]:
| 0e 94 12 a1 4d 17 1a 83 1e 40 7f 58 40 fa ae 10 |[email protected]@...|
<snip>
pcry_private_decrypt: stripping 0 bytes, decr_len 256
ssl_decrypt_pre_master_secret wrong pre_master_secret length (256, expected 48)
ssl_generate_pre_master_secret: can't decrypt pre master secret
trying to use SSL keylog in 
failed to open SSL keylog
dissect_ssl3_handshake can't generate pre master secret

dissect_ssl enter frame #16 (first time)
packet_from_server: is from server - FALSE
  conversation = 0000000006AF1058, ssl_session = 0000000009940720
  record: offset = 0, reported_length_remaining = 310
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 15 offset 5 length 258 bytes, remaining 267 
  record: offset = 267, reported_length_remaining = 43
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 37
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 32, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 140 offset 278 length 15468901 bytes, remaining 310

Thanks in advance!

asked 27 Jul '15, 10:24

mankiko's gravatar image

mankiko
6112
accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×56

question asked: 27 Jul '15, 10:24

question was seen: 1,226 times

last updated: 27 Jul '15, 10:24

p​o​w​e​r​e​d by O​S​Q​A