ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online

Wireshark-users: Re: [Wireshark-users] export the private key on Windows?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Mon, 9 Apr 2007 21:37:04 +0200
On Mon, Apr 09, 2007 at 02:46:50PM -0400, Jeffrey Ross wrote:
> >
> > Sounds about right to me :)
> >
> >> So either I'm still doing something wrong or the administrator has
> >> provided me with the incorrect key, possible but not likely.
> >>
> >> Any help would be appreciated...
> >
> > Could you enable ssl-debugging by entering a filename in the
> > ssl-protocol-preferences at "SSL debug file"? Are there any
> > clues in the debug-file? If you need help interpreting, could
> > you send the debug-file to the list (or me)?
> [...]
> ssl_init private key file /home/jeff/privatekey.pem successfully loaded
> ok, I guess it found the key however I see the following:
> [...]

Yes, the key looks fine :)

> Also of interest:
> dissect_ssl enter frame #30 (first time)
> dissect_ssl3_record found version 0x0300 -> state 0x11
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 74 ssl, state 0x11
> association_find: TCP port 443 found 0x93fc068
> packet_from_server: is from server 1
> decrypt_ssl3_record: no session key
> dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes,
> remaining 79
> dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
> ssl_restore_session can't find stored session
> dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
> dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)

"ssl_restore_session can't find stored session" -> Looks like the session
is using an earlier SSL-session for which it still has all the negotiated
keys and state information. Did you make sure the *full* ssl handshake
is in the trace? The easist way to do this is to close your browser (all
instances of it), start the trace, open the browser and visit the https
site you are testing. Make sure you see the "server key exchange" and
the "client key exchange" messages in the trace.

If that does not help, maybe a full debug-file (gzipped?) might