Decrypt TLS (cipher ECDHE) using SSLKEYLOGFILE
Hi!
I want to decrypt TLS frames with Wireshark. I saw from the Server Hello that ECDHE is used, so the RSA key is useless.
But even with SSLKEYLOGFILE, decryption doesn't work.
Here is an extract of my SSL debug file:
```
dissect_ssl enter frame #355 (first time)
packet_from_server: is from server - TRUE
conversation = 0x55b3f6b2d370, ssl_session = 0x55b3f6b2e970
record: offset = 0, reported_length_remaining = 2658
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 323, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 319 bytes, remaining 328
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 323
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -> state 0x97
ssl_dissect_hnd_hello_ext_alpn: changing handle (nil) to 0x55b3f385b390 (http2)trying to use SSL keylog in /home/lsalamani/sslkeylog.log
tls13_change_key TLS version 0x303 is not 1.3
tls13_change_key TLS version 0x303 is not 1.3
record: offset = 328, reported_length_remaining = 2330
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 2197, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 333 length 2193 bytes, remaining 2530
Calculating hash with offset 333 2197
lookup(KeyID)[20]:
| d4 88 42 e9 5d 7a c0 36 9d 5b d2 65 8f f4 0c 54 |..B.]z.6.[.e...T|
| 54 d7 0f 30 |T..0 |
ssl_find_private_key_by_pubkey: lookup result: (nil)
record: offset = 2530, reported_length_remaining = 128
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 114, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 2535 length 110 bytes, remaining 2649
Calculating hash with offset 2535 114
record: offset = 2649, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x197
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 2654 length 0 bytes, remaining 2658
Calculating hash with offset 2654 4
```
Your ssl dbg log is virtually unreadable due to the formatting. Can you edit your question and simply paste the contents of the log file in, highlight it and then click the code button (101010) to format it as code?
Thanks for the tips! It's done.
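
A check relevant to the setup in the question, as an added example that is not part of the original thread: the debug log shows TLS 1.2 (version 0x0303), and for that version the key log file must contain a `CLIENT_RANDOM` line whose first hex field equals the Client Hello random of the captured session. The function names, sample key log text and random values below are constructed for illustration.

```python
import re

# NSS key log line used for TLS 1.2 and earlier:
#   CLIENT_RANDOM <32-byte client random, hex> <48-byte master secret, hex>
LINE_RE = re.compile(r"^(\S+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return ({client_random_hex: master_secret_hex}, [(lineno, problem)])."""
    secrets, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are allowed
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "not '<label> <hex> <hex>'"))
            continue
        label, rand, secret = m.groups()
        if label != "CLIENT_RANDOM":
            continue                      # e.g. TLS 1.3 labels, unused for TLS 1.2
        if len(rand) != 64:
            problems.append((lineno, "client random is not 32 bytes"))
        elif len(secret) != 96:
            problems.append((lineno, "master secret is not 48 bytes (truncated write?)"))
        else:
            secrets[rand.lower()] = secret.lower()
    return secrets, problems

def diagnose(text, client_random_hex):
    """Classify why a TLS 1.2 session would or would not find its secret."""
    secrets, problems = parse_keylog(text)
    if client_random_hex.lower() in secrets:
        return "match"
    # No usable entry: malformed lines are the first thing to rule out.
    return "malformed" if problems else "no-match"

# Constructed sample data (not real secrets).
GOOD_LINE = "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48
TRUNCATED_LINE = "CLIENT_RANDOM " + "ef" * 32 + " " + "01" * 20
SAMPLE_GOOD = "# constructed sample\n" + GOOD_LINE + "\n"
SAMPLE_TRUNCATED = SAMPLE_GOOD + TRUNCATED_LINE + "\n"

if __name__ == "__main__":
    # The random to look up is the 32-byte Random field of the Client Hello.
    for wanted in ("AB" * 32, "11" * 32, "ef" * 32):
        print(wanted[:8], diagnose(SAMPLE_TRUNCATED, wanted))
```

A `no-match` result means the session in the capture is not the one whose secrets were logged, for example because the capture started after the handshake or the key log was written by a different process.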