Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 17 Apr 2015 07:18:44 +0200
Hi,

>From the detailed description you've given this certainly is a point of
interest, but it would take more measurements to say for certain. As for the
server component that could cause this, I have no clue either.

Thanks,
Jaap


On 04/15/2015 11:21 AM, Ralf G. R. Bergs wrote:
> Hi Jaap.
> 
> Thanks for your reply.
> 
> On 2015-04-15 07:59 , Jaap Keuter wrote:
>>> ssl_decrypt_pre_master_secret: session uses DH (17) key exchange, which is
>>> impossible to decrypt
>> As the debug log says, one backend node does while the other doesn't use a DH
>> key exchange. I would look carefully at the crypto configuration of both backend
>> nodes.
> Sorry if I'm asking this question (it's because I'm not an expert in
> this area), is it absolutely clear that there must be a config issue on
> the server side? Or can it also be an issue with client behavior? That
> the client in the one session behaved differently than in the other?
> 
> If you're really confident that it is a server-side issue, can you maybe
> give me some hints where to look at? Would it be at the JVM level? Maybe
> crypto policy files being different? Or Tomcat webapp container config?
> Or even the webapp config itself?
> 
> Dank je wel.
> 
> Groetjes,
> 
> Ralf
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>