Cannot decrypt HTTP over TLS
I tried to configure Wireshark according to https://wiki.wireshark.org/TLS to decrypt HTTPS but it doesn't work.
I extracted private key from the certificate as a PEM file and added it via Edit -> Preferences -> RSA Keys. I'm using cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256. But when I open pcap file the encrypted data remains encrypted.
The traces are collected on the client side. I can see Client Hello and Server Hello, I see the selected cipher suite but after that there is only Application Data instead of decoded HTTP.
EDIT: On the provided link I noticed this statement:
"The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA) certificate."
What does it mean? The private key I'm using is extracted from the client certificate. Can it be an issue? I don't have access to the server private key.
Wireshark SSL debug log
Wireshark version: 3.2.1 (v3.2.1-0-gbf38a67724d0)
GnuTLS version: 3.6.3
Libgcrypt version: 1.8.3
dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - TRUE
conversation = 00000214164C9A40, ssl_session = 00000214164CA590
record: offset = 0, reported_length_remaining = 161
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 156, ssl state 0x00
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 152 bytes
Calculating hash with offset 5 156
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #6 (first time)
packet_from_server: is from server - TRUE
conversation = 00000214164C9A40, ssl_session = 00000214164CA590
record: offset = 0, reported_length_remaining = 90
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 85, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 85
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3
dissect_ssl enter frame #8 (first time)
packet_from_server: is from server - TRUE
conversation = 00000214164C9A40, ssl_session = 00000214164CA590
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Session resumption using Session ID
ssl_load_keyfile dtls/tls.keylog_file is not configured!
ssl_finalize_decryption state = 0x197
ssl_restore_master_key can't find master secret by Session ID
ssl_restore_master_key can't restore master secret using an empty Session Ticket
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl enter frame #10 (first time)
packet_from_server: is from server - TRUE
conversation = 00000214164C9A40, ssl_session = 00000214164CA590
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 80, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available ...
