Wireshark-bugs: [Wireshark-bugs] [Bug 6033] New: SSL/TLS decryption needs a "SSL debug file" in
Date: Fri, 17 Jun 2011 12:15:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6033

           Summary: SSL/TLS decryption needs a "SSL debug file" in order
                    to work
           Product: Wireshark
           Version: 1.6.0
          Platform: x86-64
        OS/Version: Windows 7
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Build Information:
Version 1.6.0 (SVN Rev 37592 from /trunk-1.6)

Copyright 1998-2011 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 
7 2011), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022
--
When you have a SSL/TLS traffic in wireshark, in order to decrypt it you have
to add the "SSL debug file" in the SSL protocol options.
In version 1.4.7, the ssl/tls traffic was decrypted even without a "SSL debug
file".

Steps to reproduce:
1. download
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
and extract the files where you prefer (from now on called $DIR directory)
2. open the $DIR\rsasnakeoil2.cap capture file with wireshark
3. Go to "Secure Socket Layer preferences"
4. Open "RSA keys list"
5. Add the entry:
    IP: 127.0.0.1
    port: 443
    protocol: http
    key: $DIR\rsasnakeoil2.key
6. Leave the "SSL debug file:" field blank
7. Reboot wireshark (see bug 6032
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6032)
8. Open $DIR\rsasnakeoil2.cap with wireshark

Actual result:
The SSL/TLS traffic is not decrypted

Expected result:
The SSL/TLS traffic should be decrypted

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.