Wireshark-users: [Wireshark-users] SSL: key exchange 0 different from KEX_RSA (16)

From: Guy Deffaux <guy@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 05 Jul 2010 21:29:05 +0700
Has anyone seen this problem before? I am testing Wireshark 1.3.5 with SSL. Certs have been created with the following 2 commands (so I get the -----BEGIN RSA PRIVATE KEY----- content for the private key, and Wireshark loads it properly):

openssl genrsa -out privkey1.pem 2048
openssl req -new -x509 -days 1000 -out pubcert1.pem -nodes -key privkey1.pem -subj /CN=192.168.1.2

Calling the server via "curl -k", communication goes OK. Snooping the traffic, I get the following message, which prevents the message decryption.

dissect_ssl enter frame #8 (first time)
 conversation = 06311878, ssl_session = 06311BDC
 record: offset = 0, reported_length_remaining = 198
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 134, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
---> ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16) <---
dissect_ssl3_handshake can't decrypt pre master secret
 record: offset = 139, reported_length_remaining = 59

Has anyone seen this?

I have uploaded the pcap file, Wireshark log, priv and cert at http://www.geckotechnology.com/sites/default/files/sslissue_100705.zip

Any hint is welcome.

guy