I followed the instructions in https://wiki.wireshark.org/TLS Unfortunately my session does not decode. I am using Wireshark 3.6.1 on Windows 10 I've tried using: Chrome Version 97.0.4692.99 (Official Build) (64-bit) Firefox 96.0.3 (64-bit)
I am setting the environment variable from a script as suggested I can see that the file is created when the browser start script is run.
Here is the excerpt from the logfile that seems to be relevant
2027 is the client hello immediately after the TCP handshake completes.
2030 is the server hello
2034 shows application data.
Any suggestions would be gratefully Received.
dissect_ssl enter frame #2027 (first time) packet_from_server: is from server - FALSE conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0 record: offset = 0, reported_length_remaining = 517 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 512, ssl state 0x00 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 508 bytes Calculating hash with offset 5 512 ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #2030 (first time) packet_from_server: is from server - TRUE conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0 record: offset = 0, reported_length_remaining = 1414 ssl_try_set_version found version 0x0303 -> state 0x91 dissect_ssl3_record: content_type 22 Handshake decrypt_ssl3_record: app_data len 122, ssl state 0x91 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 118 bytes ssl_try_set_version found version 0x0304 -> state 0x91 ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93 ssl_set_cipher found CIPHER 0x1301 TLS_AES_128_GCM_SHA256 -> state 0x97 trying to use TLS keylog in C:\Users\ptcro\Documents\Wireshark\keylogfile.txt checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 280a7cba7701a3ec4c9dcee63c1ac612e25db29bc76aa8cd8dc9f053e62800b5 matched client_handshake checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 2c5fe95616deb0200d8e156d54e392b0233debfea38e1099782acca007ebc71e matched server_handshake checking keylog line: CLIENT_TRAFFIC_SECRET_0 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 1323e0b35ada89c6b4757f0e8cc20a770b4cc8b1e2563d7ea11736c269399621 matched client_appdata checking keylog line: SERVER_TRAFFIC_SECRET_0 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 e428d0f2c506211e48f088d7ad87f583dd4e44a6f3a7f044050ee29cb109e88e matched server_appdata checking keylog line: EXPORTER_SECRET 66b6f23776dc56679574d74c9fbcff5937db50859e66494269c7328e64627a98 328f323ad2033fd0ffd85e68d10d366d60ec7cee2dd7b248af48ad01d7b9d27e matched exporter tls13_load_secret transitioning to new key, old state 0x97 tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible tls13_load_secret transitioning to new key, old state 0x97 tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible record: offset = 127, reported_length_remaining = 1287 dissect_ssl3_record: content_type 20 Change Cipher Spec record: offset = 133, reported_length_remaining = 1281 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 36, ssl state 0x97 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available record: offset = 174, reported_length_remaining = 1240 need_desegmentation: offset = 174, reported_length_remaining = 1240
dissect_ssl enter frame #2034 (first time) packet_from_server: is from server - TRUE conversation = 00000236BB6CF320, ssl_session = 00000236BB6D07C0 record: offset = 0, reported_length_remaining = 5001 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 4996, ssl state 0x97 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available