Wireshark-users: Re: [Wireshark-users] Problem deciphering an openssl stream
From: Philippe Fremy <[email protected]>
Date: Thu, 14 Oct 2010 17:48:12 +0200
[email protected] wrote:
Hi Philippe,

  
Handshake Protocol: Server Hello
[...]
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

I don't see any DH here, so maybe that's not the problem.
    
I agree, it doesn't look like it's using DH. What would be interesting to 
see if you see a "Client key exchange" or a "Server key exchange" at the 
beginning of the SSL session in your capture when you look at it in 
Wireshark.

Also, you might want to use "-s 0" when running tcpdump, that just 
captures everything.
  
That's what I did initially, but the wiki of wireshark recommends -s 65535 .

I did several screenshots of my session, to show the different SSL packets. If anything explains why I can't decode it, that would be great. All are attached to this email (hoping the ML will let it through).

cheers,

Philippe

PNG image

PNG image

PNG image

PNG image

PNG image

PNG image