Wireshark-users: Re: [Wireshark-users] Problem deciphering an openssl stream
From: Philippe Fremy <[email protected]>
Date: Mon, 11 Oct 2010 13:04:57 +0200
[email protected] wrote:
Hi Philippe,

  
[..]

I don't get why Wireshark can not find the key in this case.

dissect_ssl enter frame #167 (first time)
 conversation = 04804BD0, ssl_session = 04804DA8
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 927 ssl, state 0x11
association_find: TCP port 443 found 03ADCDD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes,
remaining 932
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes,
remaining 932
dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes,
remaining 932

And I don't get why there is not enough data to generate the key.
    
Read this email and the related thread, maybe it will help:

http://www.wireshark.org/lists/wireshark-users/201009/msg00050.html

  
Very interesting documentation. Certainly worth adding to the SSL wiki page.

Is there any way I can validate that my client is using a DH algorithm ?

I looked at the trace again, the thing that looks like choosing the protocol is the following :

TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
    Content Type: Change Cipher Spec (20)
    Version: TLS 1.0 (0x0301)
    Length: 1
    Change Cipher Spec Message

But it does not mention any protocol names. Nor does it in the debug log.

cheers,

Philippe