Wireshark mailing list archives

Re: Strange SSL decode issue (SUPL, ULP)

From: Sake Blok <sake () euronet nl>
Date: Tue, 28 Apr 2015 13:04:37 +0200

On 27 apr 2015, at 14:46, Ralf G. R. Bergs wrote:

I enabled the SSL debug logging, and I noticed the following: For the trace that can't be decrypted I see the 
following:

ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_decrypt_pre_master_secret: session uses DH (17) key exchange, which is impossible to decrypt

while for the snoop that can be decrypted I see the following:

ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
pre master encrypted[256]:

and then a key in hex follows.

I can see from the snoop that the SSL/TLS dialog takes place. I see client hello, server hello, certificate, server 
key exchange, server hello, client key exchange, change cipher spec, encrypted handshake message, change cipher spec, 
encrypted handshake message, multiple application data packets back and forth, encrypted alerts twice.

So it seems client and server /can/ talk.


Yes, the endpoints can communicate...

Conclusion: Wireshark seems to somehow be able to use the RSA key to decrypt the SSL/TLS traffic.


... but Wireshark is only able to decrypt traffic when a RSA key exchange has been used. In a RSA key exchange, there 
is no ServerKeyExchange handshake message (used for the Diffie Hellman [DH] key exchange). As the client uses the 
public key in the Certificate to encrypt the PreMaster data (from which both the client and the server extract the 
session keys used for encrypting the application data).

In short, in a DH key exchange, wireshark can not decrypt the ClientKeyExchange and therefor can not extract the 
session keys used for encrypting the data stream.

You can make sure decryption works in three ways:

- Limit the cipher suites on the client, so that it only advertises non-DH ciphersuites
- Limit the cipher suites on the server, so that it only chooses non-DH ciphersuites (from the ciphersuites advertised 
by the client)
- Make the client or the server log the PreMaster data and point Wireshark to the key log file in the 
"(Pre-)MasterSecret logfile" SSL protocol preference.

Hope this helps,
Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Strange SSL decode issue (SUPL, ULP) Ralf G. R. Bergs (Apr 14)
- Re: Strange SSL decode issue (SUPL, ULP) Jaap Keuter (Apr 14)
  - Re: Strange SSL decode issue (SUPL, ULP) Ralf G. R. Bergs (Apr 15)
    - Re: Strange SSL decode issue (SUPL, ULP) Jaap Keuter (Apr 16)
    - Re: Strange SSL decode issue (SUPL, ULP) Ralf G. R. Bergs (Apr 17)
- Re: Strange SSL decode issue (SUPL, ULP) Ralf G. R. Bergs (Apr 27)
  - Re: Strange SSL decode issue (SUPL, ULP) Sake Blok (Apr 28)
    - Re: Strange SSL decode issue (SUPL, ULP) Ralf G. R. Bergs (Apr 28)