[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] Problem deciphering an openssl stream
From:       kolos_ws () ural2 ! hu
Date:       2010-10-11 9:42:38
Message-ID: alpine.DEB.2.00.1010111138560.27918 () robin ! fene ! hu
[Download RAW message or body]

Hi Philippe,

> [..]
>
> I don't get why Wireshark can not find the key in this case.
>
> dissect_ssl enter frame #167 (first time)
>  conversation = 04804BD0, ssl_session = 04804DA8
> dissect_ssl3_record found version 0x0301 -> state 0x11
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 927 ssl, state 0x11
> association_find: TCP port 443 found 03ADCDD8
> packet_from_server: is from server - TRUE
> decrypt_ssl3_record: using server decoder
> decrypt_ssl3_record: no decoder available
> dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes,
> remaining 932
> dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
> dissect_ssl3_hnd_srv_hello found CIPHER 0x002F -> state 0x17
> dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
> dissect_ssl3_handshake iteration 0 type 11 offset 86 length 838 bytes,
> remaining 932
> dissect_ssl3_handshake iteration 0 type 14 offset 928 length 0 bytes,
> remaining 932
>
> And I don't get why there is not enough data to generate the key.

Read this email and the related thread, maybe it will help:

http://www.wireshark.org/lists/wireshark-users/201009/msg00050.html

Regards,

Kolos
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]