Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Decyption Issue with SSL-key-log file

Please see below debug logs for TLS decryption, I have provided the SSL-key-log file and still error message I get is:

trying to use TLS keylog in /tmp/ssl-keys.log ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17 ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) and cannot be decrypted using a RSA private key file. ssl_generate_pre_master_secret: can't decrypt pre-master secret ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret

Below is the complete DEBUG, can someone help if I am missing something here:

Wireshark SSL debug log

Wireshark version: 3.0.7 (Git v3.0.7 packaged as 3.0.7-1~ubuntu16.04.0+wiresharkdevstable1) GnuTLS version: 3.4.10 Libgcrypt version: 1.6.5

dissect_ssl enter frame #6 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 88 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 83, ssl state 0x00 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 79 bytes, remaining 88 Calculating hash with offset 5 83 ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #8 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 1448 need_desegmentation: offset = 0, reported_length_remaining = 1448

dissect_ssl enter frame #9 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 1496 ssl_try_set_version found version 0x0301 -> state 0x11 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 1491, ssl state 0x11 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 1496 ssl_try_set_version found version 0x0301 -> state 0x11 Calculating hash with offset 5 81 ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13 ssl_set_cipher found CIPHER 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA -> state 0x17 trying to use TLS keylog in /tmp/ssl-keys.log checking keylog line: CLIENT_RANDOM 004a2415fc13b7f7eebd623c4662ae7baabdafe2e70e4b39ad4a988e261b2704 619bb1d677fc437d370223399a3659d409fe2e6b7dab94086b0d4f1eec0527667ee75f2436ba2096628e48c849469cff matched client_random checking keylog line: CLIENT_RANDOM bad1e955e324c9ba39653eb7fac9cb51d316851943896b967332d1be49800e48 f8dd1ef1d8ef03a25f850fe68cc203a770c5d3bf0d895d8220c2f1554da23da5d05563aea596c8965d6a53d77ceecd91 matched client_random checking keylog line: CLIENT_RANDOM c07f11ed08132ec578816018357e32f4f7162ccc82d085a1babb2c9ce8e7f3f6 f1d1847b50bc64f8ef923216f4f0c20bacb211377266a67e02c171ccf862eb6ddfd8076d0bfe0b68e97567dfe8197b30 matched client_random checking keylog line: CLIENT_RANDOM 38e1db27e63e89a0da8ac8b382c8dad60d12bf46bdf03ef3005ba14853ab531b 1226e0e645963b4198c7aa84805d8bb603e8c05c1bcd643e9c267b390bedf429a66c9dee795f3c6cf5dc28d6f2d4a10c matched client_random checking keylog line: CLIENT_RANDOM ab9effa62810c4ed9c61037fc9d53429f9d90d07e9bc68a4189c6185c62b64c8 e71bf66a76a0d23128c39b8044700676b6c126101b84a03258455ca8d72c91ead66436b155ee784d46b9366a736e4578 matched client_random checking keylog line: CLIENT_RANDOM 8999f07691836ac2f6bff4dbee97a0c6de212822c7a49a31336c4b7b54e8c6bc a3649a5b343f5f1029024063b582cf0a495c4db014a803f9fe498d5893804baaf21d4e79f852a3a1c7029d9f120cbe14 matched client_random checking keylog line: CLIENT_RANDOM d47d8a489f5d58be0bc0c5c9bc5f8863dab9b25db25edaef90204ba00c52a59a a3649a5b343f5f1029024063b582cf0a495c4db014a803f9fe498d5893804baaf21d4e79f852a3a1c7029d9f120cbe14 matched client_random checking keylog line: CLIENT_RANDOM d6466dd43406ec733e85f09d01824b02d34d85a984c2f521f4a501c54ed015be de1472660c383c689ede7e90e2e4c5c596e2148215812dd34a8a7f161ac7a452fe691d773ccc0eaa3b73cdca5ddea684 matched client_random checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 3b2800a72d5bf593e7bc1cbc7b9d403a08dadd05cd539b229db394dc1212d2bf matched client_handshake checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 3113ffec00dd138ecc3dd03988dce5a62e8aec747cf7b4ca53ee1cbd377301c0 matched server_handshake checking keylog line: CLIENT_TRAFFIC_SECRET_0 c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 9a7c7b96afc503946c1f785b22187cc6134a20a7b3dd73844f3f5eeeff06b2e1 matched client_appdata checking keylog line: SERVER_TRAFFIC_SECRET_0 c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 1d1016c84941d40e2245954d066bb9d26b4384b5f82ed2c4dceea85086347687 matched server_appdata checking keylog line: EXPORTER_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 4fa0a975c106a338c7221df7b382fb993a34ced2a24161e89975941c14466860

matched exporter tls13_load_secret TLS version 0x301 is not 1.3 tls13_load_secret TLS version 0x301 is not 1.3 dissect_ssl3_handshake iteration 0 type 11 offset 86 length 847 bytes, remaining 1496 Calculating hash with offset 86 851 Certificate.KeyID[20]: | c1 9d 7a c0 ae e5 52 a7 40 fc d7 74 b6 2f a8 5a |[email protected]/.Z| | 46 25 18 82 |F%.. | dissect_ssl3_handshake iteration 0 type 12 offset 937 length 551 bytes, remaining 1496 Calculating hash with offset 937 555 dissect_ssl3_handshake iteration 0 type 14 offset 1492 length 0 bytes, remaining 1496 Calculating hash with offset 1492 4

dissect_ssl enter frame #12 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 158 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 102, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 16 offset 5 length 98 bytes, remaining 107 Calculating hash with offset 5 102 trying to use TLS keylog in /tmp/ssl-keys.log ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17 ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) and cannot be decrypted using a RSA private key file. ssl_generate_pre_master_secret: can't decrypt pre-master secret ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret dissect_ssl3_handshake can't generate pre master secret record: offset = 107, reported_length_remaining = 51 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available trying to use TLS keylog in /tmp/ssl-keys.log ssl_finalize_decryption state = 0x17 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - FALSE ssl_change_cipher CLIENT record: offset = 113, reported_length_remaining = 45 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 40, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 232 offset 118 length 4729303 bytes, remaining 158

dissect_ssl enter frame #13 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available ssl_dissect_change_cipher_spec Not using Session resumption trying to use TLS keylog in /tmp/ssl-keys.log ssl_finalize_decryption state = 0x17 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - TRUE ssl_change_cipher SERVER

dissect_ssl enter frame #14 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 45 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 40, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 109 offset 5 length 12560784 bytes, remaining 45

dissect_ssl enter frame #16 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 237 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 232, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #18 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 477 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 472, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available

Decyption Issue with SSL-key-log file

Please see below debug logs for TLS decryption, I have provided the SSL-key-log file and still error message I get is:

trying to use TLS keylog in /tmp/ssl-keys.log /tmp/ssl-keys.log

ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) and cannot be decrypted using a RSA private key file.
ssl_generate_pre_master_secret: can't decrypt pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret

secret

Below is the complete DEBUG, can someone help if I am missing something here:

Wireshark SSL debug log

Wireshark version: 3.0.7 (Git v3.0.7 packaged as 3.0.7-1~ubuntu16.04.0+wiresharkdevstable1)
GnuTLS version:    3.4.10
Libgcrypt version: 1.6.5

1.6.5 dissect_ssl enter frame #6 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 88 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 83, ssl state 0x00 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 79 bytes, remaining 88 Calculating hash with offset 5 83 ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

0x01 dissect_ssl enter frame #8 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 1448 need_desegmentation: offset = 0, reported_length_remaining = 1448

1448 dissect_ssl enter frame #9 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 1496 ssl_try_set_version found version 0x0301 -> state 0x11 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 1491, ssl state 0x11 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 1496 ssl_try_set_version found version 0x0301 -> state 0x11 Calculating hash with offset 5 81 ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13 ssl_set_cipher found CIPHER 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA -> state 0x17 trying to use TLS keylog in /tmp/ssl-keys.log checking keylog line: CLIENT_RANDOM 004a2415fc13b7f7eebd623c4662ae7baabdafe2e70e4b39ad4a988e261b2704 619bb1d677fc437d370223399a3659d409fe2e6b7dab94086b0d4f1eec0527667ee75f2436ba2096628e48c849469cff matched client_random checking keylog line: CLIENT_RANDOM bad1e955e324c9ba39653eb7fac9cb51d316851943896b967332d1be49800e48 f8dd1ef1d8ef03a25f850fe68cc203a770c5d3bf0d895d8220c2f1554da23da5d05563aea596c8965d6a53d77ceecd91 matched client_random checking keylog line: CLIENT_RANDOM c07f11ed08132ec578816018357e32f4f7162ccc82d085a1babb2c9ce8e7f3f6 f1d1847b50bc64f8ef923216f4f0c20bacb211377266a67e02c171ccf862eb6ddfd8076d0bfe0b68e97567dfe8197b30 matched client_random checking keylog line: CLIENT_RANDOM 38e1db27e63e89a0da8ac8b382c8dad60d12bf46bdf03ef3005ba14853ab531b 1226e0e645963b4198c7aa84805d8bb603e8c05c1bcd643e9c267b390bedf429a66c9dee795f3c6cf5dc28d6f2d4a10c matched client_random checking keylog line: CLIENT_RANDOM ab9effa62810c4ed9c61037fc9d53429f9d90d07e9bc68a4189c6185c62b64c8 e71bf66a76a0d23128c39b8044700676b6c126101b84a03258455ca8d72c91ead66436b155ee784d46b9366a736e4578 matched client_random checking keylog line: CLIENT_RANDOM 8999f07691836ac2f6bff4dbee97a0c6de212822c7a49a31336c4b7b54e8c6bc a3649a5b343f5f1029024063b582cf0a495c4db014a803f9fe498d5893804baaf21d4e79f852a3a1c7029d9f120cbe14 matched client_random checking keylog line: CLIENT_RANDOM d47d8a489f5d58be0bc0c5c9bc5f8863dab9b25db25edaef90204ba00c52a59a a3649a5b343f5f1029024063b582cf0a495c4db014a803f9fe498d5893804baaf21d4e79f852a3a1c7029d9f120cbe14 matched client_random checking keylog line: CLIENT_RANDOM d6466dd43406ec733e85f09d01824b02d34d85a984c2f521f4a501c54ed015be de1472660c383c689ede7e90e2e4c5c596e2148215812dd34a8a7f161ac7a452fe691d773ccc0eaa3b73cdca5ddea684 matched client_random checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 3b2800a72d5bf593e7bc1cbc7b9d403a08dadd05cd539b229db394dc1212d2bf matched client_handshake checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 3113ffec00dd138ecc3dd03988dce5a62e8aec747cf7b4ca53ee1cbd377301c0 matched server_handshake checking keylog line: CLIENT_TRAFFIC_SECRET_0 c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 9a7c7b96afc503946c1f785b22187cc6134a20a7b3dd73844f3f5eeeff06b2e1 matched client_appdata checking keylog line: SERVER_TRAFFIC_SECRET_0 c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 1d1016c84941d40e2245954d066bb9d26b4384b5f82ed2c4dceea85086347687 matched server_appdata checking keylog line: EXPORTER_SECRET c113f9bdfcc84b9c13894fb7f6e96d1c096c644dded101e978927fb9858eaa10 4fa0a975c106a338c7221df7b382fb993a34ced2a24161e89975941c14466860

4fa0a975c106a338c7221df7b382fb993a34ced2a24161e89975941c14466860 matched exporter tls13_load_secret TLS version 0x301 is not 1.3 tls13_load_secret TLS version 0x301 is not 1.3 dissect_ssl3_handshake iteration 0 type 11 offset 86 length 847 bytes, remaining 1496 Calculating hash with offset 86 851 Certificate.KeyID[20]: | c1 9d 7a c0 ae e5 52 a7 40 fc d7 74 b6 2f a8 5a |[email protected]/.Z| | 46 25 18 82 |F%.. | dissect_ssl3_handshake iteration 0 type 12 offset 937 length 551 bytes, remaining 1496 Calculating hash with offset 937 555 dissect_ssl3_handshake iteration 0 type 14 offset 1492 length 0 bytes, remaining 1496 Calculating hash with offset 1492 4

4 dissect_ssl enter frame #12 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 158 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 102, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 16 offset 5 length 98 bytes, remaining 107 Calculating hash with offset 5 102 trying to use TLS keylog in /tmp/ssl-keys.log ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17 ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange (cipher suite 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) and cannot be decrypted using a RSA private key file. ssl_generate_pre_master_secret: can't decrypt pre-master secret ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret dissect_ssl3_handshake can't generate pre master secret record: offset = 107, reported_length_remaining = 51 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available trying to use TLS keylog in /tmp/ssl-keys.log ssl_finalize_decryption state = 0x17 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - FALSE ssl_change_cipher CLIENT record: offset = 113, reported_length_remaining = 45 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 40, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 232 offset 118 length 4729303 bytes, remaining 158

158 dissect_ssl enter frame #13 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available ssl_dissect_change_cipher_spec Not using Session resumption trying to use TLS keylog in /tmp/ssl-keys.log ssl_finalize_decryption state = 0x17 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - TRUE ssl_change_cipher SERVER

SERVER dissect_ssl enter frame #14 (first time) packet_from_server: is from server - TRUE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 45 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 40, ssl state 0x17 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 109 offset 5 length 12560784 bytes, remaining 45

45 dissect_ssl enter frame #16 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 237 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 232, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available

available dissect_ssl enter frame #18 (first time) packet_from_server: is from server - FALSE conversation = 0x5561cf83f860, ssl_session = 0x5561cf8646d0 record: offset = 0, reported_length_remaining = 477 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 472, ssl state 0x17 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available

available