Wireshark-bugs: [Wireshark-bugs] [Bug 4544] unencrypted traffic in STARTTLS session is not disse
Date: Thu, 20 May 2010 10:55:28 -0700 (PDT)

--- Comment #5 from Sake <[email protected]> 2010-05-20 10:55:27 PDT ---
(In reply to comment #4)
> (In reply to comment #3)
> > Are you able to share "alpha_mail.pem" or is that a private key used in a
> > production environment?
> It is used in production environment at a universally-accessible server. I'll
> reproduce the situation in a test environment.

I understand. I decrypted a tracefile with SMTP and starttls and I was able to
see the decrypted "Finished" handshake message in both directions. There was no
application data in my trace, but I assume that if decryption works for the
last stage of the SSL handshake, it will also work for the application data.

Prior to spending time to reproduce this in a test environment, could you use
tshark to decrypt the file that you attached? You can use

tshark -V -r smtp-starttls.pcap -o
ssl.keys_list:,start_tls,smtp,d:\Ivan\alpha_mail.pem -o
ssl.debug_file:d:\Ivan\ssl-debug.log > d:\Ivan\smtp-starttls.txt

Could you then attach the files d:\Ivan\ssl-debug.log and
d:\Ivan\smtp-starttls.txt to this bug-report?

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.