List: wireshark-users
Subject: Re: [Wireshark-users] Problem deciphering an openssl stream
From: Philippe Fremy <phil () freehackers ! org>
Date: 2010-10-11 11:04:57
Message-ID: 4CB2EF59.4070309 () freehackers ! org
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<a class="moz-txt-link-abbreviated" \
href="mailto:kolos_ws@ural2.hu">kolos_ws@ural2.hu</a> wrote: <blockquote \
cite="mid:alpine.DEB.2.00.1010111138560.27918@robin.fene.hu" type="cite">
<pre wrap="">Hi Philippe,
</pre>
<blockquote type="cite">
<pre wrap="">[..]
I don't get why Wireshark can not find the key in this case.
dissect_ssl enter frame #167 (first time)
conversation = 04804BD0, ssl_session = 04804DA8
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 927 ssl, state 0x11
association_find: TCP port 443 found 03ADCDD8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes,
remaining 932
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes,
remaining 932
dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes,
remaining 932
And I don't get why there is not enough data to generate the key.
</pre>
</blockquote>
<pre wrap=""><!---->
Read this email and the related thread, maybe it will help:
<a class="moz-txt-link-freetext" \
href="http://www.wireshark.org/lists/wireshark-users/201009/msg00050.html">http://www.wireshark.org/lists/wireshark-users/201009/msg00050.html</a>
</pre>
</blockquote>
Very interesting documentation. Certainly worth adding to the SSL wiki
page.<br>
<br>
Is there any way I can validate that my client is using a DH algorithm?<br>
<br>
I looked at the trace again, the thing that looks like choosing the
protocol is the following:<br>
<br>
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec<br>
Content Type: Change Cipher Spec (20)<br>
Version: TLS 1.0 (0x0301)<br>
Length: 1<br>
Change Cipher Spec Message<br>
<br>
But it does not mention any protocol names. Nor does it in the debug
log.<br>
<br>
cheers,<br>
<br>
Philippe<br>
<br>
<br>
</body>
</html>
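An added example (not part of the original message, and not Wireshark code): the negotiated cipher suite is carried in the ServerHello, which the quoted debug log records as `found CIPHER 0x002F`, and the suite's IANA registry name states the key exchange. The function name and the small suite table are assumptions made for illustration; the table covers only a few common TLS 1.0-era suites.

```python
import re

# A few TLS 1.0-era suites and their key exchange (IANA TLS Cipher Suite registry).
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RSA"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "DHE"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
}
SERVER_KEY_EXCHANGE = 12  # handshake type carrying the server's DH parameters in DHE suites

CIPHER_RE = re.compile(r"dissect_ssl3_hnd_srv_hello found CIPHER (0x[0-9A-Fa-f]{4})")
HS_TYPE_RE = re.compile(r"dissect_ssl3_handshake iteration \d+ type (\d+) ")

def key_exchange_from_debug_log(text):
    """Describe the suite chosen in the ServerHello of an SSL debug log, or None."""
    m = CIPHER_RE.search(text)
    if m is None:
        return None  # no ServerHello recorded in this log
    suite_id = int(m.group(1), 16)
    name, kx = SUITES.get(suite_id, ("unknown", "unknown"))
    hs_types = [int(t) for t in HS_TYPE_RE.findall(text)]
    return {
        "suite_id": suite_id,
        "suite_name": name,
        "key_exchange": kx,
        "handshake_types": hs_types,
        "server_key_exchange_seen": SERVER_KEY_EXCHANGE in hs_types,
    }

# Lines copied from the debug log quoted in the message (wrapped lines re-joined).
SAMPLE_LOG = """\
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 932
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes, remaining 932
dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes, remaining 932
"""

if __name__ == "__main__":
    print(key_exchange_from_debug_log(SAMPLE_LOG))
```

Handshake types 2, 11 and 14 are ServerHello, Certificate and ServerHelloDone; the same suite value is also visible in the packet details under the Server Hello handshake message.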