Wireshark mailing list archives

Re: Can't decrypt "snakeoil2" sample SSL session from wiki


From: Sake Blok <sake () euronet nl>
Date: Mon, 10 Sep 2012 22:32:43 +0200

On 10 sep 2012, at 22:02, Grant Edwards wrote:

> I've been trying (and failing) to decrypt an SSL session using my
> server and key.  So, I backed up a step and downloaded the
> snakeoil2_070531.tgz sample file from the wiki:
>
>  http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
>
> I can't get that to decrypt either
> [...]
> Below is the ssl debug log that gets created when I run
>
> $ wireshark rsasnakeoil2.cap
>
> One line that looks suspicious is where it says
>
> ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)
>
> Any ideas on what's wrong?

Usually that means that you are using a private key that does not match the certificate. But it is the 3rd time I hear
of problems (on Linux) with decrypting the traffic with a key that is indeed matching the certificate. It might be the
version of your SSL libraries that has a bug. Or Wireshark has a bug in the Linux version. Could you file a bug report
on https://bugs.wireshark.org?

Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

