This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

not able to decrypt ssl traffic in wireshark using SessionID and MasterKey

1
1

Hi,

I am trying to decrypt SSL traffic in wireshark . I dont have server given private key but instead I am trying with SessionID and Master key. I have exported the key file under Edit->Preferences->Protocols->SSL -> (Pre)-Master-Secret log filename option. Still Wireshark is not able to decrypt SSL traffic. Need help on this. I am using wireshark 1.10.5. Below is the configuration I have used. Running openssl server on linux box. openssl client on windows xp. Using self signed certificate.

Linux:

openssl req -new -x509 -out server.cert -keyout server.pem ..... openssl s_server -www -cipher AES256-SHA -cert server.cert -key server.pem ......

Windows xp:

openssl s_client -connect <ipaddress: 4443=""> ...... GET / HTTP/1.0 .......

Example session_key.key file

RSA Session-ID:0E1A3AAD99A68936E242D4BB2A2F66197F466FD7883D5AA604B9EF5EFC6EF5EE Master-Key:8186F7C4137167EFD92298F01FC07C0236DDC016BD1C3B559F17C87F63270945C975B37CBE24D29A44B0ED9643D59D1F

Appreciate any help.

Thanks

asked 17 Jan '14, 02:30

Phani's gravatar image

Phani
16122
accept rate: 0%

Still having this problem with Wireshark 1.11.x or 1.12.x?

(30 Jun '14, 10:40) Lekensteyn