Not able to decrypt TLS traffic in Wireshark

asked 2020-04-26 14:19:43 +0000

Dipen

  • Hi, I've made an environment variable named SSLKEYLOGFILE and gave it a path.
  • I've captured the HTTPS traffic, but after selecting the SSL log file in Protocol --> TLS --> Pre master secret log filename, it is not decrypting the TLS traffic.
  • I couldn't find SSL under Protocol, so I selected TLS.
  • I'm using Chrome for browsing and Windows 10; my Wireshark version is Version 3.1.1rc0-575-g35615574e569 (v3.1.1rc0-575-g35615574e569).

Please tell me how to solve this issue?



Did you stop all instances of Chrome after setting up the environment variable? And did you then start Chrome from the shell / command prompt where you set that environment variable?

If that does not help, please tell us:

  • Which OS you are using
  • How you set your environment variable
  • How you start up Chrome afterwards

SYN-bit ( 2020-04-26 14:37:45 +0000 )

You should also update Wireshark to the current release version (3.2.3) rather than use an old non-stable release candidate version.

grahamb ( 2020-04-26 14:55:12 +0000 )

@SYN-bit, I'm using Windows 10 Pro version 1803. I've started Chrome in incognito mode also, but it's not working. There is no antivirus software enabled on my PC. I've made the environment variable using the standard procedure, and in the SSL log file I'm getting "Client Random keys". I've also enabled TLS 1.3 in Chrome as well as Firefox. In debug I'm finding "No decoder available"; attaching the debug here.

Dipen ( 2020-04-27 10:38:56 +0000 )

Can you try the current release version as @grahamb suggested? If that still does not work, is it possible for you to share the pcap(ng) file and the sslkeylogfile? If you do, please make sure there is no sensitive information in the trace.

SYN-bit ( 2020-04-28 08:55:34 +0000 )

Parallel debugging efforts

Chuckc ( 2020-04-28 15:56:25 +0000 )
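
A check related to the "Client Random keys" comment above, as an added example that is not part of the original thread: it parses an NSS-format key log (the file SSLKEYLOGFILE points to) and reports whether each ClientHello Random copied from the capture has usable secrets in it. The function names, the status strings and the sample data are assumptions made for this example; the four TLS 1.3 labels are the set this example treats as complete.

```python
import re

# TLS 1.2 sessions are logged as one CLIENT_RANDOM line; for TLS 1.3 this
# example expects both handshake and both application traffic secrets.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return ({client_random: set(labels)}, [malformed line numbers])."""
    sessions, bad = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Skip blanks, comments, and legacy "RSA" lines (not keyed by client random).
        if not line or line.startswith("#") or line.startswith("RSA "):
            continue
        m = LINE_RE.match(line)
        if not m:
            bad.append(no)
            continue
        sessions.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return sessions, bad

def check_capture(sessions, client_randoms):
    """Classify each ClientHello Random (hex string) seen in the capture."""
    report = {}
    for rnd in client_randoms:
        labels = sessions.get(rnd.lower())
        if labels is None:
            report[rnd] = "missing"            # handshake not logged: no decryption
        elif "CLIENT_RANDOM" in labels:
            report[rnd] = "tls1.2-ok"
        elif TLS13_LABELS <= labels:
            report[rnd] = "tls1.3-ok"
        else:
            report[rnd] = "tls1.3-incomplete"  # some secrets were not written
    return report

# Constructed sample values, not real key material.
R12, R13, RPART, RNONE = "aa" * 32, "bb" * 32, "cc" * 32, "dd" * 32
SAMPLE_KEYLOG = "\n".join(
    ["# constructed sample", f"CLIENT_RANDOM {R12} {'11' * 48}"]
    + [f"{lab} {R13} {'22' * 32}" for lab in sorted(TLS13_LABELS)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RPART} {'33' * 32}",
       "CLIENT_RANDOM truncated-line"])

if __name__ == "__main__":
    print(check_capture(parse_keylog(SAMPLE_KEYLOG)[0], [R12, R13, RPART, RNONE]))
```

A "missing" result means the key log holds no secrets for that handshake, for example because the browser process that made the connection was not started with the environment variable set or the session was logged to a different file.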