This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am not seeing any decoded application data.

I am running wireshark 2.4 on the web server box, I have the private key in .pem format

I have the server private key listed in the RSA keys list

I have the port specified as start_tls and the protocol as http.

The traffic comes in on https://servername:4993

Is there anything else I need to specify in the rsa keys list or ???

thanks ron

asked 09 Oct, 13:03

ronrrm's gravatar image

ronrrm
16113
accept rate: 0%


The port number in the RSA keys dialog is actually ignored since Wireshark 2.2, at least for matching the private key file.

You probably run into a TLS session which uses a (EC)DHE cipher suite instead of one based on the RSA key exchange. Such sessions cannot be decrypted using the RSA private key file, look for the keylog file (SSLKEYLOGFILE) approach instead.

permanent link

answered 14 Oct, 10:52

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Presuming that the traffic is simply https on port 4993, try replacing the start_tls entry with 4993.

permanent link

answered 10 Oct, 02:13

grahamb's gravatar image

grahamb ♦
19.8k330205
accept rate: 22%

Did that, same results. Tried 443, 4993, start_tls...Same results

(10 Oct, 15:52) ronrrm

We need to see the contents of the SSL debug log. In the SSL preferences configure a debug log file and then amend your question with the contents of the log file.

(11 Oct, 01:46) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×10

question asked: 09 Oct, 13:03

question was seen: 321 times

last updated: 14 Oct, 10:52

p​o​w​e​r​e​d by O​S​Q​A