Wireshark-users: Re: [Wireshark-users] export the private key on Windows?
From: "Jeffrey Ross" <[email protected]>
Date: Mon, 9 Apr 2007 14:46:50 -0400 (EDT)
>
> Sounds about right to me :)
>
>> So either I'm still doing something wrong or the administrator has
>> provided me with the incorrect key, possible but not likely.
>>
>> Any help would be appreciated...
>
> Could you enable ssl-debugging by entering a filename in the
> ssl-protocol-preferences at "SSL debug file"? Are there any
> clues in the debug-file? If you need help interpreting, could
> you send the debug-file to the list (or me)?
>
> Just some shortcomings of the decryption-capabilities:
> - SSLv2 is not supported
> - Cipher 0x39 (TLS_DHE_RSA_WITH_AES_256_CBC_SHA) is not supported
>   by the libraries used by Wireshark and is used for example by Firefox
>
> Cheers,
>
>
> Sake

Sake,

Took a quick look through the debug file and I've included (what I think)
are the important parts as it's over 3000 lines long.

ssl_init keys string:
10.1.0.3,443,http,/home/jeff/privatekey.pem
ssl_init found host entry 10.1.0.3,443,http,/home/jeff/privatekey.pem
ssl_init addr 10.1.0.3 port 443 filename /home/jeff/privatekey.pem
ssl_init private key file /home/jeff/privatekey.pem successfully loaded

OK, I guess it found the key; however, I see the following:
dissect_ssl enter frame #29 (first time)
ssl_session_init: initializing ptr 0xb3cf6db0 size 640
association_find: TCP port 2303 found (nil)
packet_from_server: is from server 0
dissect_ssl server 10.1.0.3:443
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 97 ssl, state 0x00
association_find: TCP port 2303 found (nil)
packet_from_server: is from server 0
decrypt_ssl3_record: no session key
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 93 bytes, remaining 102
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

Also of interest:
dissect_ssl enter frame #30 (first time)
dissect_ssl3_record found version 0x0300 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 74 ssl, state 0x11
association_find: TCP port 443 found 0x93fc068
packet_from_server: is from server 1
decrypt_ssl3_record: no session key
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)


If the whole file would be of use I'll post it but I think this explains
what's going on.

Jeff
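
An added example (not part of the original message and not Wireshark code): a small Python triage of an SSL debug file that follows the `-> state` values and reports which state bits are still missing when the dissector logs `not enough data to generate key`. The sample lines are copied from the excerpt above; the function name `triage` is hypothetical, and reading the leftover bit 0x20 as the master-secret flag is an assumption.

```python
import re

# Constructed input: lines copied from the debug excerpt quoted in the message.
SAMPLE = """\
dissect_ssl enter frame #29 (first time)
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #30 (first time)
dissect_ssl3_record found version 0x0300 -> state 0x11
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
"""

FRAME = re.compile(r"enter frame #(\d+)")
FOUND = re.compile(
    r"found (CLIENT RANDOM|SERVER RANDOM|CIPHER|version)\b.*-> state (0x[0-9a-fA-F]+)")
CIPHER = re.compile(r"found CIPHER (0x[0-9a-fA-F]+)")
NEED = re.compile(r"not enough data to generate key \(required (0x[0-9a-fA-F]+)\)")
UNSUPPORTED = {0x39}  # the one cipher named as unsupported in the quoted reply


def triage(text):
    """Track the dissector's state mask and report what is missing at each failure."""
    state, frame = 0, None
    out = {"bits": {}, "cipher": None, "unsupported_cipher": False, "missing": []}
    for line in text.splitlines():
        if m := FRAME.search(line):
            frame = int(m.group(1))
        if m := CIPHER.search(line):
            out["cipher"] = int(m.group(1), 16)
            out["unsupported_cipher"] = out["cipher"] in UNSUPPORTED
        if m := FOUND.search(line):
            new = int(m.group(2), 16)
            if new & ~state:  # learn which bit(s) this item contributes
                out["bits"][new & ~state] = m.group(1)
            state = new
        if m := NEED.search(line):
            out["missing"].append((frame, int(m.group(1), 16) & ~state))
    return out


if __name__ == "__main__":
    r = triage(SAMPLE)
    for mask, name in sorted(r["bits"].items()):
        print(f"0x{mask:02x} set by {name}")
    print(f"cipher 0x{r['cipher']:04x}, listed as unsupported: {r['unsupported_cipher']}")
    for frame, mask in r["missing"]:
        # Assumption: 0x20 is the master-secret flag in Wireshark's SSL dissector.
        print(f"frame {frame}: still missing state bits 0x{mask:02x}")
```

On the excerpt above, the only bit missing in frame 30 is 0x20, which none of the logged `found ...` lines sets.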