Wireshark-bugs: [Wireshark-bugs] [Bug 4544] unencrypted traffic in STARTTLS session is not disse
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4544

--- Comment #5 from Sake <[email protected]> 2010-05-20 10:55:27 PDT ---
> (In reply to comment #3)
> > Are you able to share "alpha_mail.pem" or is that a private key used in a
> > production environment?
>
> It is used in a production environment at a universally-accessible server. I'll
> reproduce the situation in a test environment.

I understand. I decrypted a tracefile with SMTP and starttls and I was able to
see the decrypted "Finished" handshake message in both directions. There was no
application data in my trace, but I assume that if decryption works for the
last stage of the SSL handshake, it will also work for the application data.

Prior to spending time to reproduce this in a test environment, could you use
tshark to decrypt the file that you attached? You can use

tshark -V -r smtp-starttls.pcap -o ssl.keys_list:78.107.153.188,start_tls,smtp,d:\Ivan\alpha_mail.pem -o ssl.debug_file:d:\Ivan\ssl-debug.log > d:\Ivan\smtp-starttls.txt

Could you then attach the files d:\Ivan\ssl-debug.log and
d:\Ivan\smtp-starttls.txt to this bug-report?
