I tried to configure Wireshark according to https://wiki.wireshark.org/TLS to decrypt HTTPS but it doesn't work.
I extracted private key from the certificate as a PEM file and added it via Edit -> Preferences -> RSA Keys. I'm using cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256. But when I open pcap file the encrypted data remains encrypted.
The traces are collected on the client side. I can see Client Hello and Server Hello, I see the selected cipher suite but after that there is only Application Data instead of decoded HTTP.
Wireshark SSL debug log
Wireshark version: 3.2.1 (v3.2.1-0-gbf38a67724d0) GnuTLS version: 3.6.3 Libgcrypt version: 1.8.3
dissect_ssl enter frame #4 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 161 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 156, ssl state 0x00 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 152 bytes Calculating hash with offset 5 156 ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #6 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 90 ssl_try_set_version found version 0x0303 -> state 0x91 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 85, ssl state 0x91 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes ssl_try_set_version found version 0x0303 -> state 0x91 Calculating hash with offset 5 85 ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93 ssl_set_cipher found CIPHER 0x003D TLS_RSA_WITH_AES_256_CBC_SHA256 -> state 0x97 ssl_load_keyfile dtls/tls.keylog_file is not configured! tls13_load_secret TLS version 0x303 is not 1.3 tls13_load_secret TLS version 0x303 is not 1.3
dissect_ssl enter frame #8 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x197 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available ssl_dissect_change_cipher_spec Session resumption using Session ID ssl_load_keyfile dtls/tls.keylog_file is not configured! ssl_finalize_decryption state = 0x197 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't restore master secret using an empty Session Ticket ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - TRUE ssl_change_cipher SERVER
dissect_ssl enter frame #10 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 80, ssl state 0x197 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #12 (first time) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec decrypt_ssl3_record: app_data len 1, ssl state 0x197 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available ssl_load_keyfile dtls/tls.keylog_file is not configured! ssl_finalize_decryption state = 0x197 ssl_restore_master_key can't find master secret by Session ID ssl_restore_master_key can't find master secret by Client Random Cannot find master secret packet_from_server: is from server - FALSE ssl_change_cipher CLIENT
dissect_ssl enter frame #13 (first time) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 80, ssl state 0x197 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #14 (first time) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 469 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 464, ssl state 0x197 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #15 (first time) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 1189 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 1184, ssl state 0x197 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #18 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 501 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 496, ssl state 0x197 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #19 (first time) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 21 Alert decrypt_ssl3_record: app_data len 64, ssl state 0x197 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #22 (first time) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 00000214164CA590 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 21 Alert decrypt_ssl3_record: app_data len 64, ssl state 0x197 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #4 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 161 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 1 offset 5 length 152 bytes
dissect_ssl enter frame #6 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 90 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes
dissect_ssl enter frame #8 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl enter frame #10 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake
dissect_ssl enter frame #12 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl enter frame #13 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake
dissect_ssl enter frame #14 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 469 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #15 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 1189 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #18 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 501 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #19 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 21 Alert
dissect_ssl enter frame #22 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 21 Alert
dissect_ssl enter frame #4 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 161 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 1 offset 5 length 152 bytes
dissect_ssl enter frame #6 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 90 dissect_ssl3_record: content_type 22 Handshake dissect_ssl3_handshake iteration 1 type 2 offset 5 length 81 bytes
dissect_ssl enter frame #8 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl enter frame #10 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake
dissect_ssl enter frame #12 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl enter frame #13 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 22 Handshake
dissect_ssl enter frame #14 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 469 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #15 (already visited) packet_from_server: is from server - FALSE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 1189 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #18 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 501 dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #19 (already visited) packet_from_server: is from server - TRUE conversation = 00000214164C9A40, ssl_session = 0000000000000000 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 21 Alert