Wireshark-users: [Wireshark-users] URGENT Please Help -- SSLv3 Application Data decryption on Lin
      
      
Hi All,
   
      Can someone authoritatively answer this question:
   
  Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection on Linux?
   
       I have posted related questions several times but have not received any complete responses.  Recently I came across Bug ID 1119 (SSL dissector not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)).  If this is true then perhaps my efforts are futile?
   
       I would be happy to debug this issue further if someone can point me in the right direction.  Here is some relevant information from a log file when I try to decrypt the sample:
...
ssl_init keys string 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init found host entry 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init addr 127.0.0.1 port 443 filename /home/vijay/snakeoil2/rsasnakeoil2.key
ssl_get_version: 1.0.20
ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key successfully loaded
...
association_find: port 38713 found (nil)
packet_from_server: is from server 0
dissect_ssl server 127.0.0.1:443
client random len: 16 padded to 32
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl state 11
decrypt_ssl3_record: no session key
...
ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
...
   
       Thanks for your response.  Kind regards,
   
  Vijay
   
 