This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi all

I have an SSL conversation, and have applied the private RSA key of the server.

From the debug file, I can see that the SSL dissector reaches the stage at which the session keys are generated and a server and client decoders are created and are using AES256.

The stage reached is Server: Change Cipher Spec, Finished

However the application data thereafter is not being decrypted correctly.

Presumably if I had the incorrect RSA key, then Wireshark couldn't get as far as generating the session keys? If so, then how could it fail to decrypt the application data using the session key?

Any help gratefully received!

Robert

asked 15 Oct '15, 07:54

ronslow's gravatar image

ronslow
11338
accept rate: 0%

And in fact I checked the RSA key using https://ask.wireshark.org/questions/22813/not-able-to-decrypt-ssl-data-with-private-keys and it's the correct key!

(15 Oct '15, 09:27) ronslow

What Wireshark version are you using and what cipher suite is listed in the Server Hello? Do you have a ClientKeyExchange? If not, see point three of https://ask.wireshark.org/questions/45220/having-trouble-decrypting-tlsv1-traffic-using-private-key-of-the-server/45231.

(15 Oct '15, 10:41) Lekensteyn
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×21
×21

question asked: 15 Oct '15, 07:54

question was seen: 1,002 times

last updated: 15 Oct '15, 10:41

p​o​w​e​r​e​d by O​S​Q​A