Wireshark-users: Re: [Wireshark-users] Wrong protocol detection - wrong decryption

From: bitozoid <bitozoid@xxxxxxxxx>
Date: Tue, 3 Apr 2012 12:35:14 +0100

I have also checked the private key and exported certificate:
$ openssl x509 -in exported_certificate_from_wireshark.der -inform DER -noout -modulus | openssl md5
(stdin)= 03b659a8802627399f3289b8254e69aa
$ openssl rsa -in /home/bitozoid/server-private.key -inform PEM -noout -modulus | openssl md5
(stdin)= 03b659a8802627399f3289b8254e69aa

This is another capture. Still having the same problem.
#117 is a [TCP segment of a reassembled PDU].

---------

ssl_association_remove removing TCP 25 - smtp handle 0x1eb9c50
Private key imported: KeyID 6e:1a:a0:7a:e0:0c:73:eb:b7:52:90:df:f4:0e:41:6f:...
ssl_init IPv4 addr '10.141.188.73' (10.141.188.73) port '25' filename '/home/bitozoid/server-private.key' password(only for p12 file) ''
ssl_init private key file /home/bitozoid/server-private.key successfully loaded.
association_add TCP port 25 protocol smtp handle 0x1eb9c50

dissect_ssl enter frame #110 (first time)
ssl_session_init: initializing ptr 0x7fec8cb40420 size 680
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 104

dissect_ssl enter frame #112 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 38

dissect_ssl enter frame #113 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 271

dissect_ssl enter frame #114 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 10

dissect_ssl enter frame #115 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 29

dissect_ssl enter frame #116 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 72
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 67, ssl state 0x00
association_find: TCP port 37610 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 63 bytes, remaining 72
packet_from_server: is from server - FALSE
ssl_find_private_key server 10.141.188.73:25
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #117 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 1448
  need_desegmentation: offset = 0, reported_length_remaining = 1448

dissect_ssl enter frame #118 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 2114
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 2109, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 2114
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
dissect_ssl3_handshake iteration 0 type 11 offset 79 length 2027 bytes, remaining 2114
dissect_ssl3_handshake iteration 0 type 14 offset 2110 length 0 bytes, remaining 2114

dissect_ssl enter frame #120 (first time)
  conversation = 0x7fec8cb3ff70, ssl_session = 0x7fec8cb40420
  record: offset = 0, reported_length_remaining = 267
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 262, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
pre master encrypted[256]:
ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: stripping 31 bytes, decr_len 256
decrypted_unstrip_pre_master[256]:
ssl_decrypt_pre_master_secret wrong pre_master_secret length (225, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
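
The last lines of the log report a 256-byte RSA result, 31 bytes stripped, and a 225-byte remainder where TLS expects a 48-byte pre-master secret. As an added example (not part of the original post and not Wireshark's code), this sketch contrasts a strip-to-first-zero unpadding with a strict PKCS#1 v1.5 check; the function names are hypothetical, both sample blocks are constructed, and the naive strip is an assumption about how such a figure can arise.

```python
PREMASTER_LEN = 48   # TLS RSA key exchange: 2-byte client version + 46 random bytes
MODULUS_LEN = 256    # 2048-bit RSA key, matching the 256-byte blocks in the log

def naive_strip(block: bytes) -> bytes:
    """Drop everything through the first zero byte after index 0; no header check."""
    for i in range(1, len(block)):
        if block[i] == 0:
            return block[i + 1:]
    return block

def strict_unpad(block: bytes, modulus_len: int = MODULUS_LEN) -> bytes:
    """EME-PKCS1-v1_5 decode: 00 02 || PS (>= 8 nonzero bytes) || 00 || message."""
    if len(block) != modulus_len:
        raise ValueError("block length differs from modulus length")
    if block[:2] != b"\x00\x02":
        raise ValueError("header is not 00 02")
    sep = block.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no 00 separator after padding")
    if sep < 10:
        raise ValueError("padding string shorter than 8 bytes")
    return block[sep + 1:]

def classify(block: bytes) -> str:
    """Say whether a decrypted block can hold a TLS pre-master secret."""
    try:
        message = strict_unpad(block)
    except ValueError as err:
        return f"invalid padding: {err}"
    if len(message) != PREMASTER_LEN:
        return f"valid padding, unexpected length {len(message)}"
    return "ok"

# Constructed sample: well-formed block carrying a TLS 1.0 (03 01) pre-master secret.
GOOD = b"\x00\x02" + b"\xaa" * 205 + b"\x00" + b"\x03\x01" + bytes(range(1, 47))
# Constructed sample: output that is not a padded block; its first zero byte
# happens to sit at index 30, so a naive strip removes 31 bytes.
GARBAGE = b"\x93" + b"\x5a" * 29 + b"\x00" + b"\x5a" * 225

if __name__ == "__main__":
    print("good   :", classify(GOOD))
    print("garbage:", classify(GARBAGE), "| naive strip leaves", len(naive_strip(GARBAGE)))
```

A block that fails the 00 02 header check was not produced by PKCS#1 v1.5 encryption under the matching public key, so the length mismatch is a symptom of the decryption input (key or ciphertext bytes) rather than a separate fault.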