Wireshark · Wireshark-users: Re: [Wireshark-users] can't load private key from /root/foo.pem

[Sake Blok <sake@xxxxxxxxxx>]

On Tue, Jan 19, 2010 at 02:33:23PM -0200, Thiago Moreira (timba) wrote:
>      I don't see anything else, I'm a beginner in SSL matters... Attached I
>    sent my SSL debug file... I appreciate if some one would be able to check
>    if there is something wrong on it.

The problem is that you are using a DH cipher:

dissect_ssl3_hnd_srv_hello found CIPHER 0x0033 -> state 0x17

(cipher 0x33 = TLS_DHE_RSA_WITH_AES_128_CBC_SHA)

It is not possible to decrypt SSL sessions that use a DH cipher based 
on network traffic and private key. You could restrict the cipher-list on
the client to make sure a cipher is chosen that makes it possible to decrypt.

Cheers,


Sake