Can't decrypt TLSv1.3 with Kaspersky Total Security installed
I followed the instructions in https://wiki.wireshark.org/TLS, unfortunately my session does not decode.
I am using Wireshark 3.6.1 on Windows 10.
I've tried using Chrome Version 97.0.4692.99 (Official Build) (64-bit) and Firefox 96.0.3 (64-bit).
I am setting the environment variable from a script as suggested, and I can see that the file is created when the browser start script is run.
Here is the excerpt from the logfile that seems to be relevant:
#2027 is the client hello immediately after the TCP handshake completes.
#2030 is the server hello
#2034 shows application data.
Any suggestions would be gratefully received.
dissect_ssl enter frame #2027 (first time)
packet_from_server: is from server - FALSE
conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0
record: offset = 0, reported_length_remaining = 517
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 512, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 508 bytes
Calculating hash with offset 5 512
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #2030 (first time)
packet_from_server: is from server - TRUE
conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0
record: offset = 0, reported_length_remaining = 1414
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 122, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 118 bytes
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0x1301 TLS_AES_128_GCM_SHA256 -> state 0x97
trying to use TLS keylog in C:\Users\ptcro\Documents\Wireshark\keylogfile.txt
checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 280a7cba7701a3ec4c9dcee63c1ac612e25db29bc76aa8cd8dc9f053e62800b5
matched client_handshake
checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 2c5fe95616deb0200d8e156d54e392b0233debfea38e1099782acca007ebc71e
matched server_handshake
checking keylog line: CLIENT_TRAFFIC_SECRET_0 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 1323e0b35ada89c6b4757f0e8cc20a770b4cc8b1e2563d7ea11736c269399621
matched client_appdata
checking keylog line: SERVER_TRAFFIC_SECRET_0 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 e428d0f2c506211e48f088d7ad87f583dd4e44a6f3a7f044050ee29cb109e88e
matched server_appdata
checking keylog line: EXPORTER_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 328f323ad2033fd0ffd85e68d10d366d60ec7cee2dd7b248af48ad01d7b9d27e
matched exporter
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
record: offset = 127, reported_length_remaining = 1287
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 133, reported_length_remaining = 1281
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 36, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
record: offset = 174, reported_length_remaining = 1240
need_desegmentation: offset = 174, reported_length_remaining = 1240
dissect_ssl enter frame #2034 (first time)
packet_from_server: is from server - TRUE
conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0
record: offset = 0, reported_length_remaining = 5001
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 4996, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
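
An added example, not part of the original post and not Wireshark code: a small triage script for a TLS debug log in the format shown above. It lists which key log labels were read, which secrets the dissector then failed to find, and which Client Random values the key log actually contains. The function name `triage`, the sample log and its placeholder hex values are constructed, and the reading of "Cannot find" as "no key log entry for this session's Client Random" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the debug log in the post
# (secrets replaced by short placeholder hex values).
SAMPLE_LOG = """\
dissect_ssl enter frame #2030 (first time)
checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET aa11 bb22
matched client_handshake
checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET aa11 cc33
matched server_handshake
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
dissect_ssl enter frame #2034 (first time)
decrypt_ssl3_record: no decoder available
"""

FRAME = re.compile(r"^dissect_ssl enter frame #(\d+)")
KEYLINE = re.compile(r"^checking keylog line: (\w+) ([0-9a-fA-F]+) [0-9a-fA-F]+$")
MISSING = re.compile(r"^tls13_load_secret Cannot find (\w+), decryption impossible")

def triage(log_text):
    """Summarise keylog lines read vs. secrets the dissector failed to find."""
    randoms = defaultdict(set)      # label -> client randoms listed in the key log
    failures = []                   # (frame, label) lookups that failed
    no_decoder = defaultdict(int)   # frame -> records left undecrypted
    frame = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FRAME.match(line):
            frame = int(m.group(1))
        elif m := KEYLINE.match(line):
            randoms[m.group(1)].add(m.group(2).lower())
        elif m := MISSING.match(line):
            failures.append((frame, m.group(1)))
        elif line.endswith("no decoder available"):
            no_decoder[frame] += 1
    # Label present in the key log, yet lookup failed: assumed to mean no
    # entry carries this session's Client Random.
    present = sorted({label for _, label in failures if label in randoms})
    return {
        "failures": failures,
        "present_but_not_found": present,
        "keylog_randoms": sorted(set().union(*randoms.values())),
        "no_decoder": dict(no_decoder),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The values under `keylog_randoms` can then be compared by hand with the Random field of the Client Hello in the capture (frame #2027 in the post).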