This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable to decrypt SSL traffic, what am I doing wrong ?

0

Wireshark v2.0.1, GnuTLS 3.2.15. PEM-format passphraseless private key added to SSL protocol. It has been successfully loaded.

SSL RSA keys list preferences: IP Address=10.139.233.26 Port=10080 Protocol=http

Have ensured, Client Hello/Server Hello captured.

Have filtered on tcp stream and exported, SSL debug log following:

Wireshark SSL debug log

Wireshark version: 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)
GnuTLS version: 3.2.15
Libgcrypt version: 1.6.2

ssl_association_remove removing TCP 10080 - http handle 00000000088B4800
KeyID[20]:
| ae 4d dc ef 87 7a 05 e1 30 4a 1b 59 1b d8 20 10 |.M...z..0J.Y.. .|
| 45 ba 69 7a                                     |E.iz            |
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init private key file D:/temp/nopassphrase.key successfully loaded.
ssl_init port '10080' filename 'D:/temp/nopassphrase.key' password(only for p12 file) ''
association_add TCP port 10080 protocol http handle 00000000088B4800

dissect_ssl enter frame #4 (first time)
association_find: TCP port 47180 found 0000000000000000
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 182
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 177
decrypt_ssl3_record: app_data len 177, ssl state 0x00
association_find: TCP port 47180 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 173 bytes, remaining 182
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #6 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 1448
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 81
decrypt_ssl3_record: app_data len 81, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_dissect_hnd_srv_hello found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x17
record: offset = 86, reported_length_remaining = 1362
need_desegmentation: offset = 86, reported_length_remaining = 1362

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 2682
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 2677
decrypt_ssl3_record: app_data len 2677, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 2673 bytes, remaining 2682
lookup(KeyID)[20]:
| ae 4d dc ef 87 7a 05 e1 30 4a 1b 59 1b d8 20 10 |.M...z..0J.Y.. .|
| 45 ba 69 7a                                     |E.iz            |
ssl_find_private_key_by_pubkey: lookup result: 000000000942BA40

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 42
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 37
decrypt_ssl3_record: app_data len 37, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 13 offset 5 length 29 bytes, remaining 42
dissect_ssl3_handshake iteration 0 type 14 offset 38 length 0 bytes, remaining 42

dissect_ssl enter frame #10 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 1792
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 1787
decrypt_ssl3_record: app_data len 1787, ssl state 0x217
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 1521 bytes, remaining 1792
lookup(KeyID)[20]:
| 18 23 aa a8 6d 41 5c 54 28 97 25 25 6c 96 44 f0 |.#..mA\T(.%%l.D.|
| 99 43 cc 22                                     |.C."            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
dissect_ssl3_handshake iteration 0 type 16 offset 1530 length 258 bytes, remaining 1792
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 217
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret

dissect_ssl enter frame #12 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 269
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 264
decrypt_ssl3_record: app_data len 264, ssl state 0x217
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 15 offset 5 length 260 bytes, remaining 269

dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x217
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't restore master secret using an empty Session Ticket
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT

dissect_ssl enter frame #16 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 80
decrypt_ssl3_record: app_data len 80, ssl state 0x217
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 250 offset 5 length 11866047 bytes, remaining 85

dissect_ssl enter frame #18 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 91
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec Not using Session resumption
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x217
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't restore master secret using an empty Session Ticket
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
record: offset = 6, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 11 80
decrypt_ssl3_record: app_data len 80, ssl state 0x217
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 11 length 1731724 bytes, remaining 91

dissect_ssl enter frame #19 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 805
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 800, ssl state 0x217
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 47180 found 0000000000000000
association_find: TCP port 10080 found 000000000A538FD0

dissect_ssl enter frame #20 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 885
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 880, ssl state 0x217
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #22 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 389
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 384, ssl state 0x217
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #23 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 197
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 192, ssl state 0x217
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #24 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 69
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 64, ssl state 0x217
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #25 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 000000000B181980
record: offset = 0, reported_length_remaining = 69
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 64, ssl state 0x217
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #4 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 182
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 173 bytes, remaining 182

dissect_ssl enter frame #6 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1448
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
record: offset = 86, reported_length_remaining = 1362
need_desegmentation: offset = 86, reported_length_remaining = 1362

dissect_ssl enter frame #7 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 2682
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 2673 bytes, remaining 2682

dissect_ssl enter frame #7 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 42
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 13 offset 5 length 29 bytes, remaining 42
dissect_ssl3_handshake iteration 0 type 14 offset 38 length 0 bytes, remaining 42

dissect_ssl enter frame #10 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1792
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 1521 bytes, remaining 1792
dissect_ssl3_handshake iteration 0 type 16 offset 1530 length 258 bytes, remaining 1792

dissect_ssl enter frame #12 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 269
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 15 offset 5 length 260 bytes, remaining 269

dissect_ssl enter frame #14 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec

dissect_ssl enter frame #16 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 250 offset 5 length 11866047 bytes, remaining 85

dissect_ssl enter frame #18 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 91
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 6, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 4 offset 11 length 1731724 bytes, remaining 91

dissect_ssl enter frame #19 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 805
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #20 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 885
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #22 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 389
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #23 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 197
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #24 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 69
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #25 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000B181160, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 69
dissect_ssl3_record: content_type 23 Application Data

asked 04 Feb '16, 22:24

TwoYrOldGorilla

edited 01 Jun '16, 21:58


One Answer:

1

You are affected by bug 12042, which is a regression introduced with Wireshark 2.0 and will be fixed in 2.0.2 (which is scheduled for 11 February). The issue occurs when Wireshark 2.0 and 2.0.1 are used to decrypt an SSL capture which contains a Client Certificate (also known as two-way SSL or mutual authentication). As a workaround, you can try to ignore the Client Certificate packet.

Details of analysis:

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
...
dissect_ssl3_record: content_type 22 Handshake
...
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 2673 bytes, remaining 2682 
lookup(KeyID)[20]:
| ae 4d dc ef 87 7a 05 e1 30 4a 1b 59 1b d8 20 10 |.M...z..0J.Y.. .|
| 45 ba 69 7a                                     |E.iz            |
ssl_find_private_key_by_pubkey: lookup result: 000000000942BA40

Type 11 is a Certificate and the private key lookup has succeeded. It should be used unless another certificate is found.

dissect_ssl enter frame #10 (first time)
packet_from_server: is from server - FALSE
...
dissect_ssl3_record: content_type 22 Handshake
...
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 1521 bytes, remaining 1792 
lookup(KeyID)[20]:
| 18 23 aa a8 6d 41 5c 54 28 97 25 25 6c 96 44 f0 |.#..mA\T(.%%l.D.|
| 99 43 cc 22                                     |.C."            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000

Oops, another Certificate (handshake message type 11), but this time it is not from the server. The client certificate cannot be used for decryption and the key lookup fails and clears the previously found private key.

answered 09 Feb '16, 09:21

Lekensteyn
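
Added example (not part of the original answer, and not Wireshark code): a small Python scan of an SSL debug log for the sequence analysed above, a server Certificate whose key lookup succeeds followed by a client Certificate whose lookup returns a null handle. The sample lines are copied from the excerpts in the answer; the function names are made up for this sketch.

```python
import re

# Sample input: lines copied from the debug-log excerpts quoted in the answer.
SAMPLE = """\
dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 2673 bytes, remaining 2682
ssl_find_private_key_by_pubkey: lookup result: 000000000942BA40
dissect_ssl enter frame #10 (first time)
packet_from_server: is from server - FALSE
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 1521 bytes, remaining 1792
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
"""

# Matched anywhere in the text, so a log whose line breaks were lost still parses.
TOKEN = re.compile(
    r"dissect_ssl enter frame #(?P<frame>\d+)"
    r"|packet_from_server: is from server - (?P<srv>TRUE|FALSE)"
    r"|dissect_ssl3_handshake iteration \d+ type (?P<hs>\d+)\b"
    r"|ssl_find_private_key_by_pubkey: lookup result: (?P<key>[0-9A-Fa-f]+)"
)

def certificate_lookups(log_text):
    """Return (frame, from_server, key_found) for every Certificate (type 11) key lookup."""
    results, frame, from_server, in_cert = [], None, None, False
    for m in TOKEN.finditer(log_text):
        if m.group("frame"):
            frame, in_cert = int(m.group("frame")), False
        elif m.group("srv"):
            from_server = m.group("srv") == "TRUE"
        elif m.group("hs"):
            in_cert = m.group("hs") == "11"
        elif in_cert:  # a lookup result that belongs to a Certificate message
            results.append((frame, from_server, int(m.group("key"), 16) != 0))
            in_cert = False
    return results

def client_cert_after_key_match(log_text):
    """Frame of a client Certificate whose failed lookup follows a successful
    server-side key match (the sequence analysed in the answer), else None."""
    server_matched = False
    for frame, from_server, found in certificate_lookups(log_text):
        if from_server and found:
            server_matched = True
        elif server_matched and not from_server and not found:
            return frame
    return None

if __name__ == "__main__":
    print(certificate_lookups(SAMPLE))
    print("client Certificate in frame:", client_cert_after_key_match(SAMPLE))
```

A non-None result on a capture opened with Wireshark 2.0 or 2.0.1 points at the situation described in the answer rather than at a wrong key file or RSA keys list entry.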