Wireshark mailing list archives

Re: SSL decrypter pre master secret handling


From: Wayne Blacklock <wayneblacklock () gmail com>
Date: Fri, 17 Aug 2012 16:33:29 -0400

On Fri, Aug 17, 2012 at 4:19 PM, Sake Blok <sake () euronet nl> wrote:

On 16 aug 2012, at 20:20, Wayne Blacklock wrote:

When everything isn't ok, the SSL decryption fails:

ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: stripping 146 bytes, decr_len 255
decrypted_unstrip_pre_master[255]:
<snip>
ssl_decrypt_pre_master_secret wrong pre_master_secret length (109, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret

Now I am no SSL expert, but I don't think this is right. What I hope to
understand, and the reason for this post, is how exactly the byte stripping
works... where does the SSL decrypter get 146 from and could this explain
our SSL issues? If so, what exactly is going wrong? I've had a bit of a
look through the TLS spec but it isn't clear to me and so I would
appreciate any and all advice.


The only situations where I have seen the message "wrong pre_master_secret
length" were when the public key in the server certificate did not match
the provided private key. Can you verify that the *exact* same certificate
is used in both sessions?


So I suppose this is my next question. We're using a Java-based
implementation. We have the root cert in our trust store. My understanding
is the public key should come from the server during the SSL transaction
and ServerHello, right? We don't have the server's certificate in our key
store, just the root cert, so the key has to be coming from the server
during the ServerHello.

I have compared good and bad transactions at the packet SSL level and I can
see no differences (except for the secrets). The key coming from the server
is the same.

Thanks for your help.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
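
The byte stripping asked about in this message, as an added example that is not part of the original post and is not Wireshark's code. It assumes the decrypter skips everything up to and including the first 0x00 byte of the decrypted block, which is consistent with 255 - 146 = 109 in the log; all function names and sample buffers are constructed for illustration.

```python
# Added illustration; function names and sample buffers are constructed here.
import os

PMS_LEN = 48  # TLS RSA pre-master secret: 2-byte version + 46 random bytes


def strip_first_zero(block: bytes) -> tuple[int, bytes]:
    """Assumed lenient strip: drop everything up to and including the first
    0x00 at index >= 1, without checking block type or padding length."""
    for i in range(1, len(block)):
        if block[i] == 0:
            return i + 1, block[i + 1:]
    return 0, block


def strict_unpad(block: bytes) -> bytes:
    """RFC 8017 EME-PKCS1-v1_5 decoding of 02 || PS || 00 || M, where the
    leading 0x00 was already dropped by the integer-to-bytes conversion."""
    if not block or block[0] != 0x02:
        raise ValueError("block type is not 0x02")
    sep = block.find(b"\x00", 1)
    if sep == -1:
        raise ValueError("no 0x00 separator")
    if sep - 1 < 8:
        raise ValueError("padding string shorter than 8 bytes")
    return block[sep + 1:]


def nonzero_bytes(n: int) -> bytes:
    """n random bytes in 1..255 (constructed padding/filler)."""
    return bytes(b % 255 + 1 for b in os.urandom(n))


def good_block(decr_len: int = 255) -> bytes:
    """Well-formed block for a 2048-bit key: 02, 205 PS bytes, 00, 48-byte secret."""
    pms = b"\x03\x01" + os.urandom(PMS_LEN - 2)
    return b"\x02" + nonzero_bytes(decr_len - 2 - PMS_LEN) + b"\x00" + pms


def garbage_block(zero_at: int = 145, decr_len: int = 255) -> bytes:
    """Unstructured decrypt output (constructed); the first 0x00 is placed at
    index 145 so the strip reproduces the numbers in the log above."""
    filler = b"\x7f" + nonzero_bytes(zero_at - 1)
    return filler + b"\x00" + os.urandom(decr_len - zero_at - 1)


if __name__ == "__main__":
    for name, blk in (("good", good_block()), ("garbage", garbage_block())):
        n, rest = strip_first_zero(blk)
        print(f"{name}: stripping {n} bytes, decr_len {len(blk)}, remaining {len(rest)}")
```

On a correctly padded 255-byte block the strip count is 207 and 48 bytes remain; a count of 146 means the first zero byte sits at index 145, which the strict decoder rejects because the block does not have the 02 || PS || 00 || M layout.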
