Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 6869] SSL decryption not work even with example capture fi

Date: Sat, 5 May 2012 14:17:56 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6869

Pascal Quantin <pascal.quantin@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pascal.quantin@xxxxxxxxx

--- Comment #1 from Pascal Quantin <pascal.quantin@xxxxxxxxx> 2012-05-05 14:17:54 PDT ---
Your log file shows that the pre master key decryption failed:
ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret

That's why it fails to decrypt the pcap file.

The line:
pcry_private_decrypt: stripping 0 bytes, decr_len 128
suggests an issue when interfacing with your GCrypt library.

On my side on a Windows box Wireshark 1.6.5/1.7.2 nightly build gives the
following line:
pcry_private_decrypt: stripping 79 bytes, decr_len 127 
The decrypted buffer is completely different and the decryption works as
intended.

I also gave a try with the latest 1.7.2 nightly build (compiled with GnuTLS
2.12.14 and Gcrypt 1.5.0) on my Ubuntu box and it is also working fine.

Searching on Google show that you are not the first one facing this issue (it
was raised a fex times on the mailing list) but I did not find an answer.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.