Can't see encrypted application data in SSL session
Hi,
I'm having some trouble trying to inspect SSL-encrypted WebSocket traffic from an iOS device that I have proxied through my Mac. I used tcpdump to create a .pcap.
I've spent a bit of time going through old forum posts to find a solution to this and I believe I've eliminated the following issues:
- The sessions I'm trying to view do not use a Diffie-Hellman key exchange (NOTE: some requests in the list DO use it but I am not trying to look at those ones. Frames I would like to see are frames like 16510, 16578, and 16580.)
- The certificate and private key I have provided do match the ones used in the requests because I have not received a mismatch error.
- I started the tcpdump before I started the application whose traffic I'm trying to inspect, so I CAN see that every handshake is captured.
My ssldebug is below.
Thanks in advance!
Wireshark SSL debug log
Wireshark version: 2.4.5 (v2.4.5-0-g153e867)
GnuTLS version: 3.4.17
Libgcrypt version: 1.7.7
2668 bytes read
PKCS#12 imported
Bag 0/0: PKCS#8 Encrypted key
KeyID[20]:
| 9e 19 ff 04 83 81 7f 56 cf 9b b4 0c 3d f2 6d ea |.......V....=.m.|
| 3b e1 8b 43 |;..C |
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init private key file KEY_FILE_LOCATION_REDACTED successfully loaded.
ssl_init port '443' filename 'FILENAME_REDACTED' password(only for p12 file) 'PASSWORD_REDACTED'
association_add ssl.port port 443 handle 0x118d71f20
dissect_ssl enter frame #153 (first time)
packet_from_server: is from server - FALSE
conversation = 0x11c659530, ssl_session = 0x11c659600
record: offset = 0, reported_length_remaining = 239
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 234, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 230 bytes, remaining 239
Calculating hash with offset 5 234
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #154 (first time)
packet_from_server: is from server - FALSE
conversation = 0x11c659d90, ssl_session = 0x11c659e60
record: offset = 0, reported_length_remaining = 240
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 235, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 231 bytes, remaining 240
Calculating hash with offset 5 235
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #155 (first time)
packet_from_server: is from server - FALSE
conversation = 0x11c65a5f0, ssl_session = 0x11c65a6c0
record: offset = 0, reported_length_remaining = 245
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 240, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 236 bytes, remaining 245
Calculating hash with offset 5 240
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #156 (first time)
packet_from_server: is from server - FALSE
conversation = 0x11c65ae50, ssl_session = 0x11c65af20
record: offset = 0, reported_length_remaining = 238
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 233, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using ...
The ssldebug is too long so I can't edit the post. I just noticed there's a typo in the list of example frames I want to see: 1651 should be 16510
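One way to verify the first eliminated item (whether a session negotiated an RSA key-transport suite that the server private key can decrypt, or a forward-secret (EC)DHE suite that it cannot) is to read the cipher suite out of each ServerHello. This is an added example, not code from the original post; the suite tables are a small subset of the IANA registry, and the ServerHello bytes are constructed inline rather than taken from the poster's capture.

```python
import struct

# Cipher suites whose key exchange is static RSA: Wireshark can decrypt these
# with the server's private key (values from the IANA TLS Cipher Suite registry).
RSA_KX_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}
# Forward-secret suites: the private key alone is not enough to decrypt these.
FS_SUITES = {
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ServerHello; return version and cipher suite."""
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a Handshake record (content_type %d)" % content_type)
    body = record[5:5 + rec_len]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    if hs_type != 2:
        raise ValueError("handshake type %d is not ServerHello" % hs_type)
    hs = body[4:4 + hs_len]
    version = struct.unpack("!H", hs[:2])[0]      # 2 bytes version
    sid_len = hs[34]                              # after 32-byte server random
    suite = struct.unpack("!H", hs[35 + sid_len:37 + sid_len])[0]
    return {"version": version, "cipher_suite": suite}

def decryptable_with_server_key(record: bytes) -> tuple:
    """Return (True, name) for an RSA key-transport suite, else (False, name)."""
    suite = parse_server_hello(record)["cipher_suite"]
    if suite in RSA_KX_SUITES:
        return True, RSA_KX_SUITES[suite]
    return False, FS_SUITES.get(suite, "unknown suite 0x%04x" % suite)

def build_server_hello(suite: int, version: int = 0x0303) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello, empty session id, no extensions."""
    hs = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body

if __name__ == "__main__":
    for s in (0x009C, 0xC02F):
        print("0x%04x -> %s" % (s, decryptable_with_server_key(build_server_hello(s))))
```

In a real capture, feed it the record bytes of each ServerHello (Wireshark's "Export Packet Bytes" on the handshake record works); a session whose suite is not in the RSA table will stay encrypted no matter which key is loaded.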