
Hi there!

I'm unable to decrypt some SSL Traffic. Here is the debug log:

Wireshark SSL debug log

Wireshark version: 2.2.5 (v2.2.5-0-g440fd4d)
GnuTLS version:    3.2.15
Libgcrypt version: 1.6.2

dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - FALSE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 169
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 164
decrypt_ssl3_record: app_data len 164, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 160 bytes, remaining 169 
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #5 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 1460
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 85
decrypt_ssl3_record: app_data len 85, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes, remaining 90 
ssl_try_set_version found version 0x0303 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_dissect_hnd_srv_hello found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x97
  record: offset = 90, reported_length_remaining = 1370
  need_desegmentation: offset = 90, reported_length_remaining = 1370

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 3324
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 3319
decrypt_ssl3_record: app_data len 3319, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 3315 bytes, remaining 3324 
lookup(KeyID)[20]:
| 02 ff 3a e6 1a ba e6 78 d1 25 d9 16 ff ef de 7c |..:....x.%.....||
| f2 45 e2 3f                                     |.E.?            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 4
decrypt_ssl3_record: app_data len 4, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9

dissect_ssl enter frame #11 (first time)
packet_from_server: is from server - FALSE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 358
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 262
decrypt_ssl3_record: app_data len 262, ssl state 0x297
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 297
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret
  record: offset = 267, reported_length_remaining = 91
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x297
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 278 80
decrypt_ssl3_record: app_data len 80, ssl state 0x297
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 58 offset 278 length 5738267 bytes, remaining 358

dissect_ssl enter frame #13 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec Not using Session resumption
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_finalize_decryption state = 0x297
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER

dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 80
decrypt_ssl3_record: app_data len 80, ssl state 0x297
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 100 offset 5 length 8965755 bytes, remaining 85

dissect_ssl enter frame #17 (first time)
packet_from_server: is from server - FALSE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 325
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 320, ssl state 0x297
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #19 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 354
  need_desegmentation: offset = 0, reported_length_remaining = 354

dissect_ssl enter frame #20 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001C940D36700, ssl_session = 000001C940D370D0
  record: offset = 0, reported_length_remaining = 1525
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 1520, ssl state 0x297
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

asked 13 Mar '17, 04:11

Pu7A

edited 13 Mar '17, 04:34

grahamb ♦

It seemed to be some sort of error loading the key file. After closing Wireshark and reopening, it worked.

answered 13 Mar '17, 04:51

Pu7A
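
Added example, not part of the original posts and not Wireshark code: a Python script that reads the debug-log lines from the question and reports which key material the dissector lacked. The name `diagnose` and its verdict strings are hypothetical, and the (EC)DHE branch goes beyond the RSA case in this capture.

```python
import re

# Lines excerpted from the debug log posted in the question above.
SAMPLE_LOG = """\
ssl_dissect_hnd_srv_hello found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x97
lookup(KeyID)[20]:
| 02 ff 3a e6 1a ba e6 78 d1 25 d9 16 ff ef de 7c |..:....x.%.....||
| f2 45 e2 3f                                     |.E.?            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
dissect_ssl3_handshake can't generate pre master secret
"""

def diagnose(log_text):
    """Summarise which key material the dissector had for the session in this log."""
    lines = log_text.splitlines()
    out = {"cipher": None, "rsa_key_exchange": None, "key_id": None,
           "private_key_matched": None, "keylog_configured": None,
           "verdict": "unknown"}  # verdict strings are hypothetical labels
    for i, line in enumerate(lines):
        m = re.search(r"found CIPHER 0x[0-9A-Fa-f]{4} (\S+)", line)
        if m:
            out["cipher"] = m.group(1)
            # TLS_RSA_* suites use RSA key exchange, the only kind a server
            # private key can decrypt; (EC)DHE suites need a key log file.
            out["rsa_key_exchange"] = m.group(1).startswith("TLS_RSA_")
        if line.startswith("lookup(KeyID)"):
            # Hex-dump rows follow as "| xx xx ... |ascii|"; keep the hex column.
            key_bytes = []
            for row in lines[i + 1:]:
                if not row.startswith("|"):
                    break
                key_bytes += row.split("|")[1].split()
            out["key_id"] = "".join(key_bytes)
        m = re.search(r"ssl_find_private_key_by_pubkey: lookup result: ([0-9A-Fa-f]+)", line)
        if m:
            # An all-zero pointer means no loaded private key matched the key ID.
            out["private_key_matched"] = int(m.group(1), 16) != 0
        if "ssl.keylog_file is not configured" in line:
            out["keylog_configured"] = False
    if out["keylog_configured"] is False:
        if out["rsa_key_exchange"] and out["private_key_matched"] is False:
            out["verdict"] = "load-matching-rsa-key"
        elif out["rsa_key_exchange"] is False:
            out["verdict"] = "need-keylog-file"
    return out

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log in the question the verdict is `load-matching-rsa-key`: the suite uses RSA key exchange, but no loaded private key matched the server certificate's key ID and no key log file was set.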
