This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problem decrypting, but after session keys successfully generated

0

Hi all

I have an SSL conversation, and have applied the private RSA key of the server.

From the debug file, I can see that the SSL dissector reaches the stage at which the session keys are generated and a server and client decoders are created and are using AES256.

The stage reached is Server: Change Cipher Spec, Finished

However the application data thereafter is not being decrypted correctly.

Presumably if I had the incorrect RSA key, then Wireshark couldn't get as far as generating the session keys? If so, then how could it fail to decrypt the application data using the session key?

Any help gratefully received!

Robert

asked 15 Oct '15, 07:54

ronslow's gravatar image

ronslow
11338
accept rate: 0%

And in fact I checked the RSA key using https://ask.wireshark.org/questions/22813/not-able-to-decrypt-ssl-data-with-private-keys and it's the correct key!

(15 Oct '15, 09:27) ronslow

What Wireshark version are you using and what cipher suite is listed in the Server Hello? Do you have a ClientKeyExchange? If not, see point three of https://ask.wireshark.org/questions/45220/having-trouble-decrypting-tlsv1-traffic-using-private-key-of-the-server/45231.

(15 Oct '15, 10:41) Lekensteyn