Wireshark-users: Re: [Wireshark-users] URGENT Please Help -- SSLv3 Application Data decryption on
From: Vijay Sitaram <vjatfugen@xxxxxxxxx>
Date: Tue, 31 Oct 2006 10:33:38 -0800 (PST)
Thank you very much for testing and verifying it again.  Can you please tell me how you did it?  If you could copy and paste the ssldebug.txt file, that will also be very helpful.
 
Regards,

Vijay


ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
Yes it has been tested.


I use Linux and I just verified it again using the example and the
instructions on http://wiki.wireshark.org/SSL
and once I set the preference properly and I restart Wireshark it does
decrypt the example capture just fine.



On 10/31/06, Vijay Sitaram wrote:
> Hi All,
>
> Can someone authoritatively answer this question:
>
> Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection
> on Linux?
>
> I have posted related questions several times but have not received
> any complete responses. Recently I came across Bug ID 1119 (SSL dissector
> not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)). If this
> is true then perhaps my efforts are futile?
>
> I would be happy to debug this issue further if someone can point me in
> the right direction. Here is some relevant information from a log file when
> I try to decrypt the sample:
> ...
> ssl_init keys string
> 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_init found host entry
> 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_init addr 127.0.0.1 port 443 filename
> /home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_get_version: 1.0.20
> ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
> successfully loaded
> ...
> association_find: port 38713 found (nil)
> packet_from_server: is from server 0
> dissect_ssl server 127.0.0.1:443
> client random len: 16 padded to 32
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 74 ssl state 11
> decrypt_ssl3_record: no session key
> ...
> ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
> expected 48)
> dissect_ssl3_handshake can't decrypt pre master secret
> dissect_ssl3_record: content_type 20
> dissect_ssl3_change_cipher_spec
> ...
>
> Thanks for your response. Kind regards,
>
> Vijay
>
>
>

