This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL decoding not working 1.6.5 on Windows 7 64-bit

The routine seems straightforward:

  • remote server has address 75.147.41.121 with port 8443
  • I have created its private key and placed its PEM-encoded form on the client for Wireshark
  • in the preferences/protocol/ssl I have added the required information such that the ssl_keys file contains the following:
  • "75.147.121.41","8443","http","C:\users\brian\projects\cJoxPlz\demo\BaseManagerWan_SecureRawHttpSend\res\tomcat75.pem",""

Everything looks correct according to the documentation, this forum, googling etc. The ssl debug log indicates that the pem-encoded private key is properly loaded:

ssl_association_remove removing TCP 8443 - http handle 000000000418A280
Private key imported: KeyID bc:43:14:85:bd:de:53:9a:67:10:1d:f3:26:9f:b1:42:...
ssl_init IPv4 addr '75.147.121.41' (75.147.121.41) port '8443' filename 'C:\users\brian\projects\JoxPlz\demo\BaseManagerWan_SecureRawHttpSend\res\tomcat75.pem' password(only for p12 file) ''
ssl_init private key file C:\users\brian\projects\JoxPlz\demo\BaseManagerWan_SecureRawHttpSend\res\tomcat75.pem successfully loaded.
association_add TCP port 8443 protocol http handle 000000000418A280

But during an actual exchange the very next block of information in the debug log gives the following error:

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 0000000005C51D30 size 680
  conversation = 0000000005C51880, ssl_session = 0000000005C51D30
  record: offset = 0, reported_length_remaining = 103
packet_from_server: is from server - FALSE
ssl_find_private_key server 75.147.41.121:8443
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
client random len: 32 padded to 32
dissect_ssl2_hnd_client_hello found CLIENT RANDOM -> state 0x01

It can't find the private key for the server yet it is successfully loaded. Restart of wireshark, system reboot, etc (also suggested) does not solve the problem. Address and all other parameters look correct. I cannot see what I am doing wrong. So all I get to see is SSL encrypted junk and no possibility to debug. (Axis2/Rampart doesn't like my SAML token and I don't know why!)

Do I need the private key of the client? (The client key validation is not part of this exchange.)

asked 21 Feb '12, 02:08

gyannea

edited 21 Feb '12, 04:23

grahamb ♦


One Answer:

Check your IP addresses. In your text you state the server has 75.147.41.121, yet the line showing your key definition has 75.147.121.41.

This is reflected in the debug log output:

ssl_init IPv4 addr '75.147.121.41' (75.147.121.41) port '8443' ...

ssl_find_private_key server 75.147.41.121:8443

answered 21 Feb '12, 04:37

grahamb ♦

Man you are a godsend! How could I do something so stupid!?! Do you know I spent a whole day on that? Reminds me of a stupid error on a stats test years ago where I wrote 2 + 2 = 2 and had to have the prof point it out after days of trying (in vain) to find the mistake. Worse is that someone else made a similar mistake on this site SO I ACTUALLY LOOKED for such an error. AAARRRG! But thanks. It works!

(21 Feb '12, 04:44) gyannea

No problem, we've all made similar mistakes. Could you accept the answer instead of voting it up, thanks.

(21 Feb '12, 04:58) grahamb ♦

Ahh, took a while but now I see how to mark something as answered.

(21 Feb '12, 05:47) gyannea
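
The comparison made in the answer can be automated over an SSL debug log. The following is an added example, not part of the original posts and not Wireshark code: it pairs every `ssl_init IPv4 addr` entry with every `ssl_find_private_key server` lookup and reports servers that no loaded key covers, flagging keys whose address has the same octets in a different order. The function names, the wildcard handling and the sample log (with a placeholder key path) are assumptions made for the example.

```python
import re

# Constructed sample in the format of the debug log quoted in the question;
# the key file path is a placeholder.
SAMPLE_LOG = r"""
ssl_init IPv4 addr '75.147.121.41' (75.147.121.41) port '8443' filename 'C:\path\to\key.pem' password(only for p12 file) ''
ssl_init private key file C:\path\to\key.pem successfully loaded.
dissect_ssl enter frame #4 (first time)
ssl_find_private_key server 75.147.41.121:8443
ssl_find_private_key can't find any private key!
"""

INIT_RE = re.compile(r"^ssl_init IPv4 addr '([^']+)' .*?port '(\d+)'", re.M)
FIND_RE = re.compile(r"^ssl_find_private_key server ([\d.]+):(\d+)", re.M)


def covers(key, server):
    # Assumption drawn from the log messages: port 0 and address 0.0.0.0
    # in a key entry act as wildcards.
    return key[0] in (server[0], "0.0.0.0") and key[1] in (server[1], 0)


def unmatched_servers(log):
    """Return [(server, near_miss_keys)] for servers that no loaded key covers."""
    keys = {(a, int(p)) for a, p in INIT_RE.findall(log)}
    servers = {(a, int(p)) for a, p in FIND_RE.findall(log)}
    report = []
    for server in sorted(servers):
        if any(covers(k, server) for k in keys):
            continue
        # Near miss: same four octets in a different order (a transposition).
        octets = sorted(server[0].split("."))
        near = sorted(k for k in keys if sorted(k[0].split(".")) == octets)
        report.append((server, near))
    return report


if __name__ == "__main__":
    for (addr, port), near in unmatched_servers(SAMPLE_LOG):
        print(f"no loaded key covers {addr}:{port}")
        for k_addr, k_port in near:
            print(f"  loaded key is for {k_addr}:{k_port} (same octets, different order)")
```
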