Wireshark mailing list archives

Re: SSL Decoding fails on Linux, works on Windows 7 64-bit

From: Bas Nedermeijer <baswire () tcfaa nl>
Date: Mon, 20 Aug 2012 21:49:32 +0200

On Monday 20 August 2012 21:21:42 Sake Blok wrote:

On 20 aug 2012, at 21:05, Bas Nedermeijer wrote:

The ssl.debug file (partial) of the Linux version (which fails). Some
filenames have been altered. But the KeyID shows it is the same private
key. [...]
ssl_decrypt_pre_master_secret wrong pre_master_secret length (87, expected
48) dissect_ssl3_handshake can't decrypt pre master secret


Are you sure the configured key matches the certificate in the tracefile?
Every time I have encountered the above messages, I was using a key that
did not match the certificate



I am pretty sure, the keyid in the logfiles is the same. And the (captured) 
data is captured on the windows machine, and loaded on the linux machine. So 
those are also the same.

The only thing I had to convert was the pfx file, the linux wireshark did not 
want to load it. So I had to extract the private key, and remove the password 
from the key. (I do not give the certificate to wireshark on linux).

I hope this is enough information. I cannot share the actual captured data
and key. But if needed I think I can reproduce the problem with a
self-signed key (and dummy session).


If you do have a matching certificate and key and you still get this
message, please reproduce the issue with files that you can share :-)


I'll try to find a IIS machine I can use (need to load a self-signed key).


Regards,
Groeten,

Bas Nedermeijer

Cheers,
Groeten,


Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            
mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

SSL Decoding fails on Linux, works on Windows 7 64-bit Bas Nedermeijer (Aug 20)
- Re: SSL Decoding fails on Linux, works on Windows 7 64-bit Sake Blok (Aug 20)
  - Re: SSL Decoding fails on Linux, works on Windows 7 64-bit Bas Nedermeijer (Aug 20)
    - Re: SSL Decoding fails on Linux, works on Windows 7 64-bit Sake Blok (Aug 20)
    - Re: SSL Decoding fails on Linux, works on Windows 7 64-bit Bas Nedermeijer (Aug 20)
    - Re: SSL Decoding fails on Linux, works on Windows 7 64-bit Sake Blok (Aug 21)