Wireshark-bugs: [Wireshark-bugs] [Bug 4544] unencrypted traffic in STARTTLS session is not disse

Date: Thu, 20 May 2010 10:55:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4544

--- Comment #5 from Sake <sake@xxxxxxxxxx> 2010-05-20 10:55:27 PDT ---
(In reply to comment #4)
> (In reply to comment #3)
> > Are you able to share "alpha_mail.pem" or is that a private key used in a
> > production environment?
> 
> It is used in production environment at a universally-accessible server. I'll
> reproduce the situation in a test environment.

I understand. I decrypted a tracefile with SMTP and STARTTLS and I was able to
see the decrypted "Finished" handshake message in both directions. There was no
application data in my trace, but I assume that if decryption works for the
last stage of the SSL handshake, it will also work for the application data.

Prior to spending time to reproduce this in a test environment, could you use
tshark to decrypt the file that you attached? You can use

tshark -V -r smtp-starttls.pcap -o ssl.keys_list:78.107.153.188,start_tls,smtp,d:\Ivan\alpha_mail.pem -o ssl.debug_file:d:\Ivan\ssl-debug.log > d:\Ivan\smtp-starttls.txt

Could you then attach the files d:\Ivan\ssl-debug.log and
d:\Ivan\smtp-starttls.txt to this bug report?
