
VoIP TLS Sessions are not decrypted, even with private Key

asked 2018-06-28 13:53:34 +0000


I'm trying to decrypt an SBC vs. Skype for Business (MediationServer) connection. The Server Private Key is loaded into Wireshark and SSL is set to IP Address of the Server (SBC) --> SBC is The Server, because the TLS Handshake starts with a Client Hello from Skype for Business.

The Debugfile is attached --> Is pasted below...

Skype for Business uses Port 5067 (SIP Trunk) but still I cannot decrypt the File. Did I do something wrong?

I have installed Wireshark V2.6.1


******************************************************************
Wireshark SSL debug log 

Wireshark version: 2.6.1 (v2.6.1-0-g860a78b3)
GnuTLS version:    3.4.11
Libgcrypt version: 1.7.6

KeyID[20]:
| b5 26 c9 74 2e a0 dx cx bx 1x 2x 26 6f 18 18 62 |.&.t......'&o..b|
| 3e x7 54 90                                     |>.T.            |
ssl_init private key file C:xxxxxxxx/test.pem successfully loaded.

dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - FALSE
  conversation = 00000270F64E4B50, ssl_session = 00000270F64E5560
  record: offset = 0, reported_length_remaining = 174
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 169, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 165 bytes, remaining 174 
Calculating hash with offset 5 169
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #4 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000270F64E4B50, ssl_session = 00000270F64E5560
  record: offset = 0, reported_length_remaining = 1460
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 49, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 45 bytes, remaining 54 
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 49
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0x009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3
  record: offset = 54, reported_length_remaining = 1406
  need_desegmentation: offset = 54, reported_length_remaining = 1406

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000270F64E4B50, ssl_session = 00000270F64E5560
  record: offset = 0, reported_length_remaining = 4177
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4172, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 4168 bytes, remaining 4177 
Calculating hash with offset 5 4172
lookup(KeyID)[20]:
| 13 16 e1 a5 3c 5b 84 5c 57 06 03 09 61 98 26 65 |....<[.\W...a.&e|
| 81 ed f3 2c                                     |...,            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000270F64E4B50, ssl_session = 00000270F64E5560
  record: offset = 0, reported_length_remaining = 149
  need_desegmentation: offset = 0, reported_length_remaining = 149

dissect_ssl enter frame #8 (first time)
packet_from_server: is from server - TRUE
  conversation = 00000270F64E4B50, ssl_session = 00000270F64E5560
  record: offset = 0, reported_length_remaining = 532
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 527, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available ...

1 Answer


answered 2018-06-28 17:54:19 +0000

Jaap

Well, this part sticks out like a sore thumb:

ssl_set_cipher found CIPHER 0x009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97
ssl_load_keyfile dtls/ssl.keylog_file is not configured!

Comments

I think I get it... The Problem is that DHE ( ephemeral Diffie-Hellman ) is selected. To do the decryption, I have to get the Master secret. Now how do I get that from the Skype for Business Mediationserver?

RL79 ( 2018-06-28 18:46:29 +0000 )

That would be a question for another forum I'm afraid.

Jaap ( 2018-06-28 19:43:15 +0000 )

Hi,

Did you succeed in decrypting SIP TLS traffic with Skype for Business and Wireshark? I need help regarding this.

Pape

jasonbourne ( 2024-04-18 08:58:42 +0000 )
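
The diagnosis given in the answer and the first comment, as an added example (not part of the original thread and not Wireshark code): a short Python script that scans an SSL debug log for the conditions visible in the log above. The function names and finding codes are hypothetical; the sample lines are copied from the question's log.

```python
import re

# Constructed sample: five lines copied from the debug log in the question.
SAMPLE_LOG = """\
ssl_init private key file C:xxxxxxxx/test.pem successfully loaded.
ssl_set_cipher found CIPHER 0x009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
decrypt_ssl3_record: no decoder available
"""

CIPHER_RE = re.compile(r"ssl_set_cipher found CIPHER 0x[0-9A-Fa-f]{4} (TLS_\S+)")
LOOKUP_RE = re.compile(r"ssl_find_private_key_by_pubkey: lookup result: ([0-9A-Fa-f]+)")


def key_exchange(suite):
    """Return the key-exchange part of a TLS <= 1.2 suite name, e.g. 'DHE_RSA'."""
    return suite[len("TLS_"):].split("_WITH_")[0]


def diagnose(log_text):
    """Return (code, explanation) pairs for reasons the log shows no decryption."""
    findings = []
    m = CIPHER_RE.search(log_text)
    if m:
        kx = key_exchange(m.group(1))
        # With DHE/ECDHE the RSA key only signs the handshake; the premaster
        # secret is never encrypted to it, so the private key alone is useless.
        if kx.split("_")[0] in ("DHE", "ECDHE"):
            findings.append(("EPHEMERAL_KX",
                             f"{m.group(1)} uses {kx}: session secrets are required"))
    if "keylog_file is not configured" in log_text:
        findings.append(("NO_KEYLOG", "no key log file with session secrets is configured"))
    lookups = LOOKUP_RE.findall(log_text)
    # A null pointer means no loaded private key was found for the looked-up KeyID.
    if lookups and all(int(ptr, 16) == 0 for ptr in lookups):
        findings.append(("KEY_NOT_MATCHED", "no loaded private key matched the looked-up KeyID"))
    return findings


if __name__ == "__main__":
    for code, why in diagnose(SAMPLE_LOG):
        print(f"{code}: {why}")
```
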
