On Monday 20 August 2012 21:21:42 Sake Blok wrote:
> On 20 aug 2012, at 21:05, Bas Nedermeijer wrote:
> > The ssl.debug file (partial) of the Linux version (which fails). Some
> > filenames have been altered. But the KeyID shows it is the same private
> > key. [...]
> > ssl_decrypt_pre_master_secret wrong pre_master_secret length (87, expected
> > 48) dissect_ssl3_handshake can't decrypt pre master secret
>
> Are you sure the configured key matches the certificate in the tracefile?
> Every time I have encountered the above messages, I was using a key that
> did not match the certificate
I am pretty sure, the keyid in the logfiles is the same. And the (captured)
data is captured on the windows machine, and loaded on the linux machine. So
those are also the same.
The only thing I had to convert was the pfx file, the linux wireshark did not
want to load it. So I had to extract the private key, and remove the password
from the key. (I do not give the certificate to wireshark on linux).
> > I hope this is enough information. I cannot share the actual captured data
> > and key. But if needed I think I can reproduce the problem with a
> > self-signed key (and dummy session).
>
> If you do have a matching certificate and key and you still get this
> message, please reproduce the issue with files that you can share :-)
I'll try to find a IIS machine I can use (need to load a self-signed key).
Regards,
Groeten,
Bas Nedermeijer
> Cheers,
> Groeten,
>
>
> Sake
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
