Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] SSL issue - using key but not decoding data

From: jacob c <jctx09@xxxxxxxxx>
Date: Mon, 5 May 2008 10:13:47 -0700 (PDT)
Hello,
 
I am trying to view a SSL session. Based on the debug file it looks like the key is loading correctly but I can't see any of the HTTP requests. The packets still show it as "Encrypted Application".  I do so some of these errors in the log:
decrypt_ssl3_record: no decoder available
 
I am attaching the debug file to this message in case anybody wants to look at it. Can someone tell me what I might be doing wrong?
 
Thank you,
 
ssl_init keys string:
10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init found host entry 10.62.40.134,443,http,c:\rfscanner\RFScanner_EnvB_Cert.key
ssl_init addr '10.62.40.134' port '443' filename 'c:\rfscanner\RFScanner_EnvB_Cert.key' password(only for p12 file) '(null)'
ssl_init private key file c:\rfscanner\RFScanner_EnvB_Cert.key successfully loaded
association_add TCP port 443 protocol http handle 02CECD08
association_find: TCP port 993 found 03C5C148
ssl_association_remove removing TCP 993 - imap handle 02BF9818
association_add TCP port 993 protocol imap handle 02BF9818
association_find: TCP port 995 found 03C5C188
ssl_association_remove removing TCP 995 - pop handle 039C1300
association_add TCP port 995 protocol pop handle 039C1300
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 04791A48 size 564
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 10.62.40.134:443
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 91 ssl, state 0x00
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 87 bytes, remaining 96
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #5 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl, state 0x11
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0004 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 7 offset 90 length 4720827 bytes, remaining 122
dissect_ssl enter frame #6 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 129 offset 11 length 3885348 bytes, remaining 43
dissect_ssl enter frame #8 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #9 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1445 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #11 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #13 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1564 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #13 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 55 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 21 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #15 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #17 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #19 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 272 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 64 ssl, state 0x17
association_find: TCP port 1061 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 1061 found 00000000
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #21 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl enter frame #23 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1476 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98
dissect_ssl enter frame #23 (first time)
  conversation = 04791870, ssl_session = 04791A48
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 769 ssl, state 0x17
association_find: TCP port 443 found 03E58E98
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 03E58E98


Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.