Revision history

Revision 1, initial version

Ok, I found the solution and a small bug in Wireshark. I had to read RFC 5246 to realize that the actual pre-master secret is only the last 48 bytes of the pre-master data. The rest is just padding and some format restrictions. However, the 48 bytes of the pre-master secret again consist of 2 bytes for the TLS version and 46 random bytes. Wireshark only needs the 46 random bytes!

The correct format therefore is:

RSA "first 8 bytes of encrypted premaster-secret in hex" "the 46 random bytes of the decrypted pre-master key in hex"

Ok, I found the solution. I had to read RFC 5246 to realize that the actual pre-master secret is only the last 48 bytes of the pre-master data. The rest is just padding and some format restrictions.

The correct format therefore is:

RSA "first 8 bytes of encrypted premaster-secret in hex" "the last 48 bytes of the decrypted pre-master data in hex"
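The following is an added example, not part of the original post: it strips the PKCS#1 v1.5 padding from a raw-decrypted block and builds the key log line with the full 48-byte pre-master secret. The function names and all sample bytes are constructed for illustration.

```python
# Added example: constructed inputs, not taken from a real capture.
# Intended for offline capture analysis, not for padding checks on a live server.
PMS_LEN = 48  # RFC 5246 7.4.7.1: 2-byte client_version + 46 random bytes


def premaster_from_decrypted_block(block: bytes) -> bytes:
    """Strip PKCS#1 v1.5 encryption padding (00 02 PS 00 M) and return M."""
    # Raw RSA decryption done with integer math often drops the leading 0x00.
    if block[:1] == b"\x02":
        block = b"\x00" + block
    if block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS#1 v1.5 type 2 block")
    sep = block.find(b"\x00", 2)  # first zero byte ends the padding string
    if sep == -1 or sep - 2 < 8:
        raise ValueError("padding string missing or shorter than 8 bytes")
    pms = block[sep + 1:]
    if len(pms) != PMS_LEN:
        raise ValueError(f"expected {PMS_LEN}-byte secret, got {len(pms)}")
    return pms


def rsa_keylog_line(encrypted_pms: bytes, decrypted_block: bytes) -> str:
    """Build the 'RSA <8 bytes of ciphertext> <48-byte secret>' line."""
    if len(encrypted_pms) < 8:
        raise ValueError("ciphertext too short")
    pms = premaster_from_decrypted_block(decrypted_block)
    return f"RSA {encrypted_pms[:8].hex()} {pms.hex()}"


# Constructed sample sized for a 2048-bit key (256-byte block).
SAMPLE_PMS = b"\x03\x03" + bytes(range(1, 47))      # TLS 1.2 version + 46 bytes
SAMPLE_BLOCK = b"\x00\x02" + b"\xaa" * 205 + b"\x00" + SAMPLE_PMS
SAMPLE_CIPHERTEXT = bytes(range(0x10, 0x20)) * 16   # stand-in ciphertext, 256 bytes

if __name__ == "__main__":
    print(rsa_keylog_line(SAMPLE_CIPHERTEXT, SAMPLE_BLOCK))
```
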