Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] URGENT Please Help -- SSLv3 Application Data decryption on

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Tue, 31 Oct 2006 11:37:46 +0000
Yes it has been tested.


I use linux and I just verified it again using the example and the
instructions on http://wiki.wireshark.org/SSL
and once I set the preference properly and I restart wireshark it does
decrypt the example capture just fine.



On 10/31/06, Vijay Sitaram <vjatfugen@xxxxxxxxx> wrote:
Hi All,

      Can someone authoritatively answer this question:

  Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection
on Linux?

       I have posted related questions several times but have not received
any complete responses.  Recently I came across Bug ID 1119 (SSL dissector
not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)).  If this
is true then perhaps my efforts are futile?

       I would happy to debug this issue further if someone can point me in
the right direction.  Here is some relevant information from a log file when
I try to decrypt the sample:
  ...
  ssl_init keys string
127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init found host entry
127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init addr 127.0.0.1 port 443 filename
/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_get_version: 1.0.20
ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
successfully loaded
...
  association_find: port 38713 found (nil)
packet_from_server: is from server 0
dissect_ssl server 127.0.0.1:443
client random len: 16 padded to 32
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl state 11
decrypt_ssl3_record: no session key
...
  ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
...

       Thanks for your response.  Kind regards,

  Vijay



---------------------------------
Want to start your own business? Learn how on  Yahoo! Small Business.

---------------------------------
Everyone is raving about the  all-new Yahoo! Mail.