Wireshark-bugs: [Wireshark-bugs] [Bug 3303] New: Wireshark is somehow not capable of dissecting
Date: Thu, 5 Mar 2009 02:01:40 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3303

           Summary: Wireshark is somehow not capable of dissecting a
                    handshake message that is fragmented
           Product: Wireshark
           Version: 1.1.x (Experimental)
          Platform: PC
               URL: http://www.wireshark.org/lists/wireshark-
                    users/200903/msg00047.html
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: Michael.Breu@xxxxxxxxx
                CC: Michael.Breu@xxxxxxxxx


Created an attachment (id=2811)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2811)
Capture file with enclosed ssl-communication (captured on server side)

Build Information:
Version 1.1.2 (SVN Rev 27238)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 15 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.6.3,
Gcrypt 1.4.3, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I tried to debug a ssl-connection, and failed, because of a

    ssl_generate_keyring_material not enough data to generate key (0x17
required 0x37 or 0x57) 

Although the cause was a misconfiguration in the apache webserver, it seems
also a problem with wireshark, not being able to handle fragmented
ssl-handshakes.

As proposed in
http://www.wireshark.org/lists/wireshark-users/200903/msg00047.html I open a
bug report for it.

Find the cap-file enclosed. Unfortunatelly I cannot provide the private key,
because it is in productive use.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.