Wireshark · Wireshark-users: [Wireshark-users] Decrypting SSL/TLS with cipher re-negotiation during session

Wireshark-users: [Wireshark-users] Decrypting SSL/TLS with cipher re-negotiation during session

From: Christian Folini <christian.folini@xxxxxxxxxx>
Date: Wed, 24 Feb 2016 15:44:05 +0100
Hello,

I am currently debugging a productive apache webserver with fairly
strong ssl/tls setting. Forward secrecy which makes decrypting
the traffic very difficult.

Disabling forward secrecy for the server is not an option.
But disabling it for certain clients is OK. Much to my surprise
I could do the following with apache:

<If "%{REMOTE_ADDR} == '127.0.0.1'">
    SSLCipherSuite          'AES256-SHA'
</If>

Calling the server with the desired cipher lets my decrypt it without problems:
$> curl -v --ciphers AES256-SHA -k https://127.0.0.1:443/index.html
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
...

<capture etc.>


$> tshark -r /tmp/straight.pcp \
	-o "ssl.desegment_ssl_records: TRUE" \
	-o "ssl.desegment_ssl_application_data: TRUE" \
	-o "ssl.keys_list: 127.0.0.1,443,http,/tmp/server.pem" \
	-o "ssl.debug_file: /tmp/ssl-debug.log"

...
  1 0.000000000    127.0.0.1 -> 127.0.0.1    TCP 74 51026 > https [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=16968934 TSecr=0 WS=128
  2 0.000015000    127.0.0.1 -> 127.0.0.1    TCP 74 https > 51026 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=16968934 TSecr=16968934 WS=128
  3 0.000031000    127.0.0.1 -> 127.0.0.1    TCP 66 51026 > https [ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=16968934 TSecr=16968934
  4 0.004982000    127.0.0.1 -> 127.0.0.1    SSL 161 Client Hello
  5 0.005033000    127.0.0.1 -> 127.0.0.1    TCP 66 https > 51026 [ACK] Seq=1 Ack=96 Win=43776 Len=0 TSval=16968935 TSecr=16968935
  6 0.005494000    127.0.0.1 -> 127.0.0.1    TLSv1 916 Server Hello, Certificate, Server Hello Done
  7 0.005510000    127.0.0.1 -> 127.0.0.1    TCP 66 51026 > https [ACK] Seq=96 Ack=851 Win=45440 Len=0 TSval=16968936 TSecr=16968936
  8 0.008763000    127.0.0.1 -> 127.0.0.1    TLSv1 392 Client Key Exchange, Change Cipher Spec, Finished
  9 0.011366000    127.0.0.1 -> 127.0.0.1    TLSv1 125 Change Cipher Spec, Finished
 10 0.014286000    127.0.0.1 -> 127.0.0.1    HTTP 236 GET /index.html HTTP/1.1 
 11 0.015038000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Hello Request
 12 0.016542000    127.0.0.1 -> 127.0.0.1    TLSv1 199 Client Hello
 13 0.016742000    127.0.0.1 -> 127.0.0.1    TLSv1 1025 Server Hello, Certificate, Server Hello Done
 14 0.017670000    127.0.0.1 -> 127.0.0.1    TLSv1 449 Client Key Exchange, Change Cipher Spec, Finished
 15 0.024503000    127.0.0.1 -> 127.0.0.1    TLSv1 156 Change Cipher Spec, Finished
 16 0.026524000    127.0.0.1 -> 127.0.0.1    HTTP 524 HTTP/1.1 302 Found  (text/html)
 17 0.026712000    127.0.0.1 -> 127.0.0.1    TCP 66 51026 > https [ACK] Seq=1108 Ack=2454 Win=49280 Len=0 TSval=16968941 TSecr=16968940
 18 0.026809000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Alert (Level: Warning, Description: Close Notify)
 19 0.026901000    127.0.0.1 -> 127.0.0.1    TCP 66 51026 > https [FIN, ACK] Seq=1145 Ack=2454 Win=49280 Len=0 TSval=16968941 TSecr=16968940
 20 0.034844000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Alert (Level: Warning, Description: Close Notify)
 21 0.034884000    127.0.0.1 -> 127.0.0.1    TCP 54 51026 > https [RST] Seq=1146 Win=0 Len=0


But if I run the client with a standard handshake, then Apache issues a
re-negotiate and tshark / wireshark is out of luck:


$> curl -v -k  https://127.0.0.1:443/index.html
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
*        subject: CN=localhost
*        start date: 2016-02-24 12:23:44 GMT
*        expire date: 2016-03-25 12:23:44 GMT
*        issuer: CN=localhost
*        SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /index.html HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1
> Accept: */*
> 
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):

...


  1 0.000000000    127.0.0.1 -> 127.0.0.1    TCP 74 51025 > https [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=16964664 TSecr=0 WS=128
  2 0.000028000    127.0.0.1 -> 127.0.0.1    TCP 74 https > 51025 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=16964664 TSecr=16964664 WS=128
  3 0.000284000    127.0.0.1 -> 127.0.0.1    TCP 66 51025 > https [ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=16964664 TSecr=16964664
  4 0.003961000    127.0.0.1 -> 127.0.0.1    SSL 339 Client Hello
  5 0.004138000    127.0.0.1 -> 127.0.0.1    TCP 66 https > 51025 [ACK] Seq=1 Ack=274 Win=44800 Len=0 TSval=16964665 TSecr=16964665
  6 0.015519000    127.0.0.1 -> 127.0.0.1    TLSv1 1260 Server Hello, Certificate, Server Key Exchange, Server Hello Done
  7 0.015572000    127.0.0.1 -> 127.0.0.1    TCP 66 51025 > https [ACK] Seq=274 Ack=1195 Win=174720 Len=0 TSval=16964668 TSecr=16964668
  8 0.017227000    127.0.0.1 -> 127.0.0.1    TLSv1 200 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
  9 0.017800000    127.0.0.1 -> 127.0.0.1    TLSv1 125 Change Cipher Spec, Encrypted Handshake Message
 10 0.018200000    127.0.0.1 -> 127.0.0.1    TLSv1 236 Application Data, Application Data
 11 0.021670000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Encrypted Handshake Message
 12 0.021820000    127.0.0.1 -> 127.0.0.1    TLSv1 375 Encrypted Handshake Message
 13 0.024097000    127.0.0.1 -> 127.0.0.1    TLSv1 1025 Encrypted Handshake Message, Encrypted Handshake Message, Encrypted Handshake Message
 14 0.024710000    127.0.0.1 -> 127.0.0.1    TLSv1 449 Encrypted Handshake Message, Change Cipher Spec, Encrypted Handshake Message
 15 0.033751000    127.0.0.1 -> 127.0.0.1    TLSv1 156 Change Cipher Spec, Encrypted Handshake Message
 16 0.036269000    127.0.0.1 -> 127.0.0.1    TLSv1 524 Application Data, Application Data
 17 0.036449000    127.0.0.1 -> 127.0.0.1    TCP 66 51025 > https [ACK] Seq=1270 Ack=2798 Win=179456 Len=0 TSval=16964673 TSecr=16964673
 18 0.036529000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Encrypted Alert
 19 0.036600000    127.0.0.1 -> 127.0.0.1    TCP 66 51025 > https [FIN, ACK] Seq=1307 Ack=2798 Win=179456 Len=0 TSval=16964673 TSecr=16964673
 20 0.045129000    127.0.0.1 -> 127.0.0.1    TCP 66 [TCP Retransmission] 51025 > https [FIN, ACK] Seq=1307 Ack=2798 Win=179456 Len=0 TSval=16964676 TSecr=16964673
 21 0.045172000    127.0.0.1 -> 127.0.0.1    TCP 78 https > 51025 [ACK] Seq=2798 Ack=1308 Win=49152 Len=0 TSval=16964676 TSecr=16964673 SLE=1307 SRE=1308
 22 0.045887000    127.0.0.1 -> 127.0.0.1    TLSv1 103 Encrypted Alert
 23 0.045907000    127.0.0.1 -> 127.0.0.1    TCP 54 51025 > https [RST] Seq=1308 Win=0 Len=0


Is there any way wireshark / tshark is able to decrypt the AES256-SHA
part of this traffic?

There is a lot of info with regards to decryting ssl traffic
online, but I could not get hold of a post which explained
a solution to my problem. If I overlooked something, then
sorry. Will be glad to follow any links.

Captures and self-signed key file are attached.

Best,

Christian


-- 
I don't believe that we have come to the end of the democratic experiment.
-- Bruce Schneier
Attachment: dump-and-key.tar.gz
Description: Binary data
Prev by Date: Re: [Wireshark-users] Wireshark-users Digest, Vol 117, Issue 4
Next by Date: [Wireshark-users] can decode the "Transparent Container"
Previous by thread: Re: [Wireshark-users] Wireshark-users Digest, Vol 117, Issue 4
Next by thread: [Wireshark-users] can decode the "Transparent Container"
Index(es):
- Date
- Thread