Hello -

Problem Definition

I've configured SQL Server 2005 Express edition to use SSL encryption for database connections. I use SQL Mgmt Studio to connect to my database with the "encrypt" check box on. I've even enabled FIPS 140-2 compliance in my local policy. I want to check if the DB connection is truly using TLS/SSL when I connect from Mgmt Studio to the SQL Server db. My connection is successful, and when I use the "Microsoft Network Monitor 3.4" utility to check the traffic, I can see the TLS protocol packets. But when I use Wireshark, I only see TCP protocol packets. No TLS.

My Environment

Windows 7 Professional laptop
SQL Server 2005 Express Service Pack 3
Wireshark 1.4.1 (with GnuTLS 2.8.5 - checked in About)
A self-generated certificate using makecert

What I tried in Wireshark

Since TLS protocol packets were not showing up by default, I tried to follow some information on http://wiki.wireshark.org/SSL to use the SSL dissector. The certificate I created and deployed for SQL Server was generated using the following command:

makecert -r -pe -n "CN=mycompanyname" -b 01/01/2000 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 c:\mycert.cer

I imported the generated certificate using MMC. Then I exported this imported certificate along with the private key, in PFX format (mycert.pfx). The export happened as PKCS12. Then I used the following command to extract all the information into a PEM file from the PFX file:

openssl pkcs12 -in exportedsproutscertWithPrivateKeyUsesPKCS12.pfx -out key.pem

Then I copied the private key from the generated PEM file into a separate file, myprivatekey.key. Then I went to Preferences > Protocols > SSL in Wireshark and configured the RSA keys list box to say:

127.0.0.1,0,tcp,c:pathtomyprivatekeymyprivatekey.key,privatekeypassword

All other checkboxes are selected and I specified a log file for the SSL debug file.
When I apply and run Wireshark to monitor the traffic, I get the following error in the debug file:

"gnutls_pkcs12_import(ssl_p12, &data, GNUTLS_X509_FMT_DER, 0) - ASN1 parser: Error in TAG."

Why??
- Is there something wrong in my syntax for the RSA keys list?
- If my private key is not valid or whatever, why wouldn't I see any errors when I generated the certificate using makecert, or when I imported/exported it, or when I used openssl to convert from PFX to PEM? I went from .cer to .pfx to .pem and saw no errors anywhere.

asked 09 Nov '10, 11:35 lazybee26
One Answer:
Just a quick thought on "not seeing TLS" traffic. Is the traffic on port 443 or another port? If another port, add the port number to Preferences > HTTP in the SSL/TLS ports area. The key syntax should look something like 127.0.0.1,443,http,c:keylistmykey.key - note the port is 443 and the protocol is http after it. You're not decrypting TCP - you're decrypting HTTP.

answered 11 Nov '10, 17:17 lchappell
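Both posts turn on the same detail of the RSA keys list entry, ip,port,protocol,keyfile,password: Wireshark of that era treats a non-empty password field as "this file is a DER PKCS#12 container" and hands it to gnutls_pkcs12_import, the call named in the question's debug line, so a PEM key listed with a password fails in the ASN.1 parser before any decryption is attempted. The checker below is an added example (not code from either post or from the Wireshark project) that validates an entry against the bytes of the file it names; the paths and the PEM/DER contents are constructed samples, not real keys.

```python
import re

# One Wireshark "RSA keys list" entry has the form: ip,port,protocol,keyfile[,password]
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PRIVATE_KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def classify_key_file(data: bytes) -> dict:
    """Say what kind of key material a file holds without parsing the key itself.
    PEM is recognised by its BEGIN/END armour; a file whose first byte is the DER
    SEQUENCE tag 0x30 is what a PKCS#12 (.pfx) container looks like on disk."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode() for label, _ in blocks]
        key_labels = [l for l in labels if l in PRIVATE_KEY_LABELS]
        encrypted = ("ENCRYPTED PRIVATE KEY" in key_labels
                     or b"Proc-Type: 4,ENCRYPTED" in data)   # legacy OpenSSL armour
        return {"format": "PEM", "labels": labels,
                "has_private_key": bool(key_labels), "encrypted": encrypted}
    if data[:1] == b"\x30":
        return {"format": "DER", "labels": [], "has_private_key": None, "encrypted": None}
    return {"format": "unknown", "labels": [], "has_private_key": False, "encrypted": None}

def check_rsa_keys_entry(entry: str, key_bytes: bytes) -> list:
    """Return the problems with one entry given the bytes of the file it names.
    An empty list means the entry and the file are consistent with each other."""
    fields = entry.split(",")
    if len(fields) not in (4, 5):
        return ["expected ip,port,protocol,keyfile[,password]; got %d fields" % len(fields)]
    _ip, port, _proto, _keyfile = fields[:4]
    password = fields[4] if len(fields) == 5 else ""
    problems = []
    if not port.isdigit():
        problems.append("port must be numeric, got %r" % port)
    info = classify_key_file(key_bytes)
    if password and info["format"] != "DER":
        # A non-empty password makes Wireshark load the file as DER PKCS#12 through
        # gnutls_pkcs12_import; a PEM file there fails with "ASN1 parser: Error in TAG".
        problems.append("password set but file is %s, not DER PKCS#12: "
                        "clear the password or point the entry at the .pfx" % info["format"])
    if info["format"] == "PEM":
        if not info["has_private_key"]:
            problems.append("no private-key PEM block found (only %s)" % ", ".join(info["labels"]))
        elif info["encrypted"]:
            problems.append("PEM private key is passphrase-protected; strip it first "
                            "(openssl rsa -in key.pem -out key_nopass.pem)")
    if info["format"] == "unknown":
        problems.append("file is neither PEM nor DER")
    return problems

# Constructed sample (not a real key): a passphrase-protected key block as copied
# out of the .pem that "openssl pkcs12" writes, listed with a password as in the question.
SAMPLE_ENCRYPTED_PEM = (b"Bag Attributes\n    localKeyID: 01\n"
                        b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIC...constructed...\n"
                        b"-----END ENCRYPTED PRIVATE KEY-----\n")
QUESTION_ENTRY = "127.0.0.1,0,tcp,c:\\path\\myprivatekey.key,privatekeypassword"

if __name__ == "__main__":
    for problem in check_rsa_keys_entry(QUESTION_ENTRY, SAMPLE_ENCRYPTED_PEM):
        print("-", problem)
```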