This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLSv1 Decryption Problem

0

Hello,

I'm having problems decrypting HTTPS TLSv1 traffic. I've set up a Windows Server 2012 VM with IIS and I've only allowed RSA cipher suites.

I start the capture, open the browser and the page and then stop the capture.

Then I configure the private key on Wireshark but the traffic does not get decrypted.

I found an error regarding the Pre Master Secret but I'm sure that this is the correct private key and certificate.

At the end of the post you'll find the contents of the SSL log file.

Regards,

Chris

Wireshark SSL debug log

ssl_association_remove removing TCP 443 - http handle 0000000004453240
Private key imported: KeyID 75:a5:a6:2c:01:a5:7c:34:a5:4a:a0:e9:c3:74:4f:18:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '192.168.0.9' (192.168.0.9) port '443' filename 'C:\Users\chris_000\Desktop\key.pem' password(only for p12 file) ''
ssl_init private key file C:\Users\chris_000\Desktop\key.pem successfully loaded.
association_add TCP port 443 protocol http handle 0000000004453240

dissect_ssl enter frame #8 (first time) ssl_session_init: initializing ptr 000000000A5D1790 size 712 association_find: TCP port 60866 found 0000000000000000 packet_from_server: is from server - FALSE conversation = 0000000005771098, ssl_session = 000000000A5D1790 record: offset = 0, reported_length_remaining = 223 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 218, ssl state 0x00 association_find: TCP port 60866 found 0000000000000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 214 bytes, remaining 223 packet_from_server: is from server - FALSE ssl_find_private_key server 192.168.0.9:443 ssl_find_private_key: testing 1 keys dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #13 (first time) ssl_session_init: initializing ptr 000000000A5D2280 size 712 association_find: TCP port 60867 found 0000000000000000 packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 175 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 170, ssl state 0x00 association_find: TCP port 60867 found 0000000000000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 166 bytes, remaining 175 packet_from_server: is from server - FALSE ssl_find_private_key server 192.168.0.9:443 ssl_find_private_key: testing 1 keys dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #14 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 965 dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 960, ssl state 0x11 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 965 dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13 dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17 dissect_ssl3_hnd_srv_hello trying to generate keys ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57) dissect_ssl3_hnd_srv_hello can't generate keyring material dissect_ssl3_handshake iteration 0 type 11 offset 86 length 871 bytes, remaining 965 dissect_ssl3_handshake iteration 0 type 14 offset 961 length 0 bytes, remaining 965

dissect_ssl enter frame #16 (first time) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 314 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 262, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17 pre master encrypted[256]: | 07 6a 72 cb 03 09 9c 0e 23 c6 23 7f 2c 3d 85 6b |.jr…..#.#.,=.k| | 67 cf 4b eb 2a 4d 9d 06 2a 7c 75 b5 d5 bf fc 47 |g.K.M..|u….G| | 5e d0 5b cd 86 0e 77 03 58 1d 49 a7 a5 fb 22 a7 |^.[…w.X.I…".| | e0 b0 1d 3b 90 7d cb 61 35 24 9a f2 3d 3d 14 49 |…;.}.a5$..==.I| | 25 8a 05 2e da 0c ee f7 01 8d 9c 1f 63 75 49 ba |%………..cuI.| | b7 ea 43 1e b7 75 53 a7 40 6b d7 45 d9 65 4a ef |[email protected].| | 2c b8 7a a5 88 b6 21 ce f9 3e a2 c1 70 b4 2a a1 |,.z…!..>..p..| | e5 38 59 52 88 48 ee 0f e6 8a 60 65 37 d9 76 3b |.8YR.H….`e7.v;| | fb e6 f0 5d c0 5b 93 e7 8d 27 dd d0 7c 6c 4b 99 |…].[…'..|lK.| | 0e 3f e2 fd da ba d4 1d c7 87 19 28 30 40 24 c2 |.?………([email protected]$.| | 00 e3 96 13 68 20 8c 85 9d ab 9e 61 7b b8 f1 15 |….h …..a{…| | 5b e5 cd a5 d0 19 bf 4b f9 56 3f 80 a6 a2 f6 37 |[……K.V?….7| | 69 14 b6 e2 28 97 2c 6b fc 16 19 0e 67 75 eb b2 |i…(.,k….gu..| | f3 85 3e 06 bd 76 10 73 95 e7 bf bf 73 f3 c7 57 |..>..v.s….s..W| | 35 09 d9 e0 34 59 97 b6 40 af fd 64 5e dd e2 7a |[email protected]^..z| | cd 81 7f 7b e0 8a 51 3c cc a9 93 9e ef 0b 64 5a |…{..Q<……dZ| ssl_decrypt_pre_master_secret:RSA_private_decrypt decrypted_unstrip_pre_master[256]: | 07 f9 03 9c 86 87 14 37 b8 47 54 e2 b4 d8 45 04 |…….7.GT…E.| | 73 28 ca b0 c0 14 7e 48 6b fb c1 01 9f 2e 4d ac |s(….~Hk…..M.| | 16 b8 a0 b5 22 8b 47 9a f9 4f 81 b6 fb c6 c8 c6 |….".G..O……| | ab af 11 8d c8 4c 6b 74 96 2c 9c f0 ef bb cf 3e |…..Lkt.,…..>| | fd 3d 65 67 87 c9 ed 63 9d 1e 69 df 0f 48 86 47 |.=eg…c..i..H.G| | f5 d7 9f ad 2e c4 46 39 68 b3 cf a8 83 8b 1f 6e |……F9h……n| | f9 23 9b 7a f9 10 ff f2 0f 84 63 6c a9 25 0a 1f |.#.z……cl.%..| | 48 7b 63 55 7b ab 3e 66 85 fd b7 71 9e eb 4f 8f |H{cU{.>f…q..O.| | b9 af 94 13 98 75 52 1e 85 67 fc bd ba e5 f0 05 |…..uR..g……| | 28 7d da e3 06 38 21 4b f1 7d 50 c3 9d 86 bd 83 |(}…8!K.}P…..| | 3c 03 10 38 5a cf 3e 9d d8 73 b7 aa b5 f2 48 4b |<..8Z.>..s….HK| | 74 af 39 4a fb e5 ce 33 27 e6 a6 08 a9 99 71 d1 |t.9J…3'…..q.| | 80 a7 44 89 7e f4 9c 43 ac 57 2a ad fd ca 02 18 |..D.~..C.W…..| | 2a a4 a7 3c 5d d8 32 dc fa e6 1e 30 14 53 7a a8 |*..<].2….0.Sz.| | bb 5c f0 75 18 52 74 6e 3c 86 40 7d b4 af 2b 08 |..u.Rtn<[email protected]}..+.| | d9 5f 75 cf 87 59 b8 88 6e dd a3 4f 27 ff ff ff |._u..Y..n..O'…| pcry_private_decrypt: stripping 0 bytes, decr_len 256 ssl_decrypt_pre_master_secret wrong pre_master_secret length (256, expected 48) ssl_generate_pre_master_secret: can't decrypt pre master secret trying to use SSL keylog in c:\sslkeylogfile.log failed to open SSL keylog dissect_ssl3_handshake can't generate pre master secret record: offset = 267, reported_length_remaining = 47 dissect_ssl3_record: content_type 20 Change Cipher Spec dissect_ssl3_change_cipher_spec packet_from_server: is from server - FALSE ssl_change_cipher CLIENT record: offset = 273, reported_length_remaining = 41 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 36, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 32 offset 278 length 3561692 bytes, remaining 314

dissect_ssl enter frame #17 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 47 dissect_ssl3_record: content_type 20 Change Cipher Spec dissect_ssl3_change_cipher_spec packet_from_server: is from server - TRUE ssl_change_cipher SERVER record: offset = 6, reported_length_remaining = 41 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 36, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 84 offset 11 length 1500765 bytes, remaining 47

dissect_ssl enter frame #19 (first time) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 318 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 313, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 60867 found 0000000000000000 association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #20 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 948 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 943, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #22 (first time) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 393 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 388, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 60867 found 0000000000000000 association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #23 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 1460 need_desegmentation: offset = 0, reported_length_remaining = 1460

dissect_ssl enter frame #35 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #35 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 1111 need_desegmentation: offset = 0, reported_length_remaining = 1111

dissect_ssl enter frame #47 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #47 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 762 need_desegmentation: offset = 0, reported_length_remaining = 762

dissect_ssl enter frame #59 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #59 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 413 need_desegmentation: offset = 0, reported_length_remaining = 413

dissect_ssl enter frame #71 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #71 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 64 need_desegmentation: offset = 0, reported_length_remaining = 64

dissect_ssl enter frame #72 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 250 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 245, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #74 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 1460 need_desegmentation: offset = 0, reported_length_remaining = 1460

dissect_ssl enter frame #85 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #85 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 1111 need_desegmentation: offset = 0, reported_length_remaining = 1111

dissect_ssl enter frame #97 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 16409 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 16404, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #97 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 762 need_desegmentation: offset = 0, reported_length_remaining = 762

dissect_ssl enter frame #98 (first time) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 000000000A5D2280 record: offset = 0, reported_length_remaining = 1431 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 1426, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #8 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771098, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 223 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 1 offset 5 length 214 bytes, remaining 223

dissect_ssl enter frame #13 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 175 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 1 offset 5 length 166 bytes, remaining 175

dissect_ssl enter frame #14 (already visited) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 965 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 965 dissect_ssl3_handshake iteration 0 type 11 offset 86 length 871 bytes, remaining 965 dissect_ssl3_handshake iteration 0 type 14 offset 961 length 0 bytes, remaining 965

dissect_ssl enter frame #16 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 314 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 record: offset = 267, reported_length_remaining = 47 dissect_ssl3_record: content_type 20 Change Cipher Spec dissect_ssl3_change_cipher_spec record: offset = 273, reported_length_remaining = 41 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 32 offset 278 length 3561692 bytes, remaining 314

dissect_ssl enter frame #17 (already visited) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 47 dissect_ssl3_record: content_type 20 Change Cipher Spec dissect_ssl3_change_cipher_spec record: offset = 6, reported_length_remaining = 41 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 84 offset 11 length 1500765 bytes, remaining 47

dissect_ssl enter frame #19 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 318 dissect_ssl3_record: content_type 23 Application Data association_find: TCP port 60867 found 0000000000000000 association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #20 (already visited) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 948 dissect_ssl3_record: content_type 23 Application Data association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #22 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 393 dissect_ssl3_record: content_type 23 Application Data association_find: TCP port 60867 found 0000000000000000 association_find: TCP port 443 found 0000000004D24240

dissect_ssl enter frame #13 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 175 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 1 offset 5 length 166 bytes, remaining 175

dissect_ssl enter frame #14 (already visited) packet_from_server: is from server - TRUE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 965 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 965 dissect_ssl3_handshake iteration 0 type 11 offset 86 length 871 bytes, remaining 965 dissect_ssl3_handshake iteration 0 type 14 offset 961 length 0 bytes, remaining 965

dissect_ssl enter frame #16 (already visited) packet_from_server: is from server - FALSE conversation = 0000000005771240, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 314 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 record: offset = 267, reported_length_remaining = 47 dissect_ssl3_record: content_type 20 Change Cipher Spec dissect_ssl3_change_cipher_spec record: offset = 273, reported_length_remaining = 41 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 32 offset 278 length 3561692 bytes, remaining 314

asked 17 Oct ‘15, 10:06

CPolydorou's gravatar image

CPolydorou
6113
accept rate: 0%

edited 18 Oct ‘15, 14:22

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

0

Please try first to use the snakeoil2 sample capture. https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=snakeoil2_070531.tgz

Are you able to decrypt it ?

If you can, please upload the key.

answered 18 Oct '15, 02:26

adasko's gravatar image

adasko
86343842
accept rate: 0%

edited 19 Oct '15, 05:51

Hi,

I tried to open the file in the tar archive but there are not packets. The private key is missing also.

I'm using Wireshark 1.12.8 on Windows.

(18 Oct '15, 03:27) CPolydorou

there is a .cap file and the private key inside:

alt text

(18 Oct '15, 03:36) adasko

Never mind, the extension of the file in the archive is missing, that confused me a little bit.

I can decrypt the sample traffic.

I run the browser on another VM, where Wireshark is installed.

Thanks

(18 Oct '15, 03:37) CPolydorou

The Private Key uploaded to Wireshark is the one from the VM running IIS, right ?

(18 Oct '15, 03:38) adasko

Yes. I've uploaded the files here

(18 Oct '15, 03:42) CPolydorou

the .pfx is password protected, can you send it as a pm it to me ?

(18 Oct '15, 03:50) adasko

The password is PasswordForCertificate.

Sorry, I forgot that.

I've also updated the file with the certificate in PEM format converted using openssl.

(18 Oct '15, 03:56) CPolydorou

did you select any other other options beside the default ones ? alt text

(18 Oct '15, 04:32) adasko

Yes the first and the last ones.

(18 Oct '15, 04:56) CPolydorou

try to export it the same options selected as on my screenshot. next convert the private key file in PKCS12 format to PEM format:

openssl pkcs12 -nodes -in your.pfx -out key.pem -nocerts -nodes

c:\OpenSSL-Win32\bin> openssl rsa -in key.pem -out keyout.pem

let me know if that works

(18 Oct '15, 05:02) adasko

I didn't work...

(18 Oct '15, 05:14) CPolydorou

can you please upload the new files...

(18 Oct '15, 05:16) adasko

I'm trying to post the link but I get invalid captcha...

I can't post it here because of SPAM filtering.

(18 Oct '15, 05:35) CPolydorou

when you open the "keyout.pem" do you see it in the following format:

-----BEGIN RSA PRIVATE KEY-----

blablalablablalbalalbalbalbb blablalblalblablalbblblalba..

-----END RSA PRIVATE KEY-----

(18 Oct '15, 05:36) adasko

Yes. I've updated the contents of the first file I've shared with the new files.

Have you tested these files?

(18 Oct '15, 05:39) CPolydorou

well, I'm still not able to decrypt it. Just to double check, you did the export on the server NOT the client, right ? and you are sure that it's the correct one ?

(18 Oct '15, 07:36) adasko

Yes. I do not have any other certificates on the server. I also tried with other cipher suites without any luck.

(18 Oct '15, 08:47) CPolydorou

From https://wiki.wireshark.org/SSL

"The RSA key file can either be a PEM format private key or a PKCS#12 keystore. If the file is a PKCS#12 keystore (typically a file with a .pfx or .p12 extension), the password for the keystore must be specified in the Password field."

Tried with the .pfx you provided, still no luck. I'm puzzled.

Will try to reproduce it tomorrow.

(18 Oct '15, 09:13) adasko

I've tried that also.

Just tried with Wireshark 2.0.0.rc1 with the same results.

(18 Oct '15, 09:15) CPolydorou

one note, the certificate and Private Key match (it was mentioned in other posts that a mismatch can cause issues) but this is not the case ... alt text

(18 Oct '15, 10:04) adasko

guys, please post comments as comments not "answers". I've just spent several minutes of my spare time cleaning up your "answers".

Please read the FAQ for more information.

(18 Oct '15, 14:28) grahamb ♦
showing 5 of 21 show 16 more comments