Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Strange SSL decode issue (SUPL, ULP)

From: "Ralf G. R. Bergs" <Ralf+WireShark@xxxxxxxxx>
Date: Fri, 17 Apr 2015 10:15:02 +0200
Hi Jaap.

Thanks.

On 2015-04-17 07:18 , Jaap Keuter wrote:
> On 04/15/2015 11:21 AM, Ralf G. R. Bergs wrote:
>> Hi Jaap.
>>
>> Thanks for your reply.
>>
>> On 2015-04-15 07:59 , Jaap Keuter wrote:
>>>> ssl_decrypt_pre_master_secret: session uses DH (17) key exchange, which is
>>>> impossible to decrypt
>>> As the debug log says, one backend node does while the other doesn't use a DH
>>> key exchange. I would look carefully at the crypto configuration of both backend
>>> nodes.
>> Sorry if I'm asking this question (it's because I'm not an expert in
>> this area), is it absolutely clear that there must be a config issue on
>> the server side? Or can it also be an issue with client behavior? That
>> the client in the one session behaved differently than in the other?
>>
>> If you're really confident that it is a server-side issue, can you maybe
>> give me some hints where to look at? Would it be at the JVM level? Maybe
>> crypto policy files being different? Or Tomcat webapp container config?
>> Or even the webapp config itself?
> From the detailed description you've given this certainly is a point of
> interest, but it would take more measurements to say for certain. As for the
> server component that could cause this, I have no clue either.
So what would you propose in case I encounter such issue again? Send a
ssl-debug.log?

KR,

Ralf