We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] question about bug 3303

Date: Fri, 3 Sep 2010 16:58:29 +0200 (CEST)
Hi Sake,

Can someone confirm to me what is happening to bug 3303
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3303) at the moment?
It hasn't seen much activity lately.

Thank you for pinging, this bug is still on my list to look at. But time is a limited resource :-( and this issue is kind of a tough one to dig into.

I understand.

Although it is categorised as 'Low Normal' importance at the moment, in my
case it is a showstopper and would love to see it resolved.

Are you sure you are encountering the same issue? There were some reports of similar issues that actually had a different cause. Will you be able to post a capture file showing the issue you have at hand? That way it can be determined if you run into the same issue. You can attach the tracefile to the bug-report. If necessary, you can mark it as private so that only the core-developers have access to it.

I'm not sure if I can post a capture file (probably I can't), but the reason why I think that it's this issue is that I see the following in my SSL debug log:

[..]
dissect_ssl enter frame #217 (first time)
  conversation = 0xafa51a70, ssl_session = 0xafa51cc0
  record: offset = 0, reported_length_remaining = 1747
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 1742 ssl, state 0x11
association_find: TCP port 8080 found 0x1bc5ac8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1747
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x0016 -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
dissect_ssl3_handshake iteration 0 type 11 offset 79 length 1232 bytes, remaining 1747
dissect_ssl3_handshake iteration 0 type 12 offset 1315 length 424 bytes, remaining 1747
dissect_ssl3_handshake iteration 0 type 14 offset 1743 length 0 bytes, remaining 1747
[..]

The URL on the Bugzilla page for issue 3303 refers to a message on this email list (http://www.wireshark.org/lists/wireshark-users/200903/msg00047.html) which seems to have the same error message.

In all my captures I see that the packet containing "Server Hello, Certificate, Server Key Exchange, Encrypted Handshake Message" is fragmented and I can't raise the MTU in my environment.

Is this the same issue you think?

Thanks!

Regards,

Kolos