Hi all I have an SSL conversation, and have applied the private RSA key of the server. From the debug file, I can see that the SSL dissector reaches the stage at which the session keys are generated and a server and client decoders are created and are using AES256. The stage reached is Server: Change Cipher Spec, Finished However the application data thereafter is not being decrypted correctly. Presumably if I had the incorrect RSA key, then Wireshark couldn't get as far as generating the session keys? If so, then how could it fail to decrypt the application data using the session key? Any help gratefully received! Robert asked 15 Oct '15, 07:54  ronslow |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
And in fact I checked the RSA key using https://ask.wireshark.org/questions/22813/not-able-to-decrypt-ssl-data-with-private-keys and it's the correct key!
What Wireshark version are you using and what cipher suite is listed in the Server Hello? Do you have a ClientKeyExchange? If not, see point three of https://ask.wireshark.org/questions/45220/having-trouble-decrypting-tlsv1-traffic-using-private-key-of-the-server/45231.