 | 1 | initial version |
Be sure that you are using a recent Wireshark version for TLS 1.3 analysis. Initial support for TLS 1.3 (draft 19 up to draft 21) decryption was added in Wireshark 2.4.0. Since Wireshark 2.4.5, the range of supported draft versions is draft 18 up to draft 23. For a more detailled list of supported draft versions, see https://github.com/tlswg/tls13-spec/wiki/Implementations
To support the latest draft versions however, you will need a development version (2.5.x or 2.9.x) or the next major release, Wireshark 2.6. For macOS and Windows, you can find pre-release builds at https://www.wireshark.org/download/automated/
In your specific case, either you have cut off some data or your software is not adhering to the expected key log format (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). The client random field should be 64 hexadecimal characters (32 bytes) while yours has 59 characters. The size of the derived secret is dependent on the hash function, but 61 hexadecimal character is certainly wrong. For SHA256 the expected size is 64 hexadecimal characters, for SHA384 it is 96 hexadecimal characters.
For some test captures and keys, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779#c85
| | 2 | No.2 Revision |
Be sure that you are using a recent Wireshark version for TLS 1.3 analysis. Initial support for TLS 1.3 (draft 19 up to draft 21) decryption was added in Wireshark 2.4.0. Since Wireshark 2.4.5, the range of supported draft versions is draft 18 up to draft 23. For a more detailled list of supported draft versions, see https://github.com/tlswg/tls13-spec/wiki/Implementations
To support the latest draft versions however, you will need a development version (2.5.x or 2.9.x) or the next major release, Wireshark 2.6. For macOS and Windows, you can find pre-release builds at https://www.wireshark.org/download/automated/
In your specific case, either you have cut off some data or your software is not adhering to the expected key log format (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). format. The client random field should be 64 hexadecimal characters (32 bytes) while yours has 59 characters. The size of the derived secret is dependent on the hash function, but 61 hexadecimal character is certainly wrong. For SHA256 the expected size is 64 hexadecimal characters, for SHA384 it is 96 hexadecimal characters.
For some test captures and keys, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779#c85
