We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: [Wireshark-users] need help with decrypting ssl messages

From: Al <[email protected]>
Date: Thu, 14 Oct 2010 12:14:34 -0700 (PDT)
 I followed a guide where I extracted
 my private key and insert it into the SSL from wireshark
 preferences like:
 I tried both http and https - i thought since i am talking
 to server in https it might be https? Anyway, both failed to
 decrypt (still see jargon raw data when i view TCP stream.
 The debug log gives me:
 ssl_association_remove removing TCP 443 - http handle
 ssl_init keys string:
 ssl_init found host entry
ssl_init addr '123.456.55.678' port '443' filename
 'C:\testkey.pem' password(only for p12 file) '(null)'
 Private key imported: KeyID
 ssl_init private key file C:\testkey.pem successfully
 association_add TCP port 443 protocol http handle 03164D48
 dissect_ssl enter frame #4 (first time)
 ssl_session_init: initializing ptr 04E41BAC size 584
   conversation = 04E41868, ssl_session = 04E41BAC
   record: offset = 0, reported_length_remaining = 100
 packet_from_server: is from server - FALSE
 ssl_find_private_key server 123.456.55.678:443
 client random len: 32 padded to 32
 dissect_ssl2_hnd_client_hello found CLIENT RANDOM ->
 state 0x01
 So it seems the key has been found and loaded BUT when i
 check the STOPPED TCP stream it is still all jargon... what
 am i doing wrong here? thanks
 I am pretty sure i am on the right server since the key is loaded and i checked netstat and found the ip of the webservice... but still from wire shark the client basically does handshake and cert check with server and then afterwards server just sends "fin" and ends it.... really not sure whats going on here...