
Decrypt TLS (cipher ECDHE) using SSLKEYLOGFILE

Hi!

I want to decrypt TLS frames with Wireshark. I saw in the Server Hello that ECDHE is used, so the RSA key is useless.

But even with SSLKEYLOGFILE, decryption doesn't work.

Here is an extract of my SSL debug file:

    dissect_ssl enter frame #355 (first time)
    packet_from_server: is from server - TRUE
    conversation = 0x55b3f6b2d370, ssl_session = 0x55b3f6b2e970
    record: offset = 0, reported_length_remaining = 2658
    ssl_try_set_version found version 0x0303 -> state 0x91
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 323, ssl state 0x91
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 2 offset 5 length 319 bytes, remaining 328
    ssl_try_set_version found version 0x0303 -> state 0x91
    Calculating hash with offset 5 323
    ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
    ssl_set_cipher found CIPHER 0xC02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -> state 0x97
    ssl_dissect_hnd_hello_ext_alpn: changing handle (nil) to 0x55b3f385b390 (http2)trying to use SSL keylog in /home/lsalamani/sslkeylog.log
    tls13_change_key TLS version 0x303 is not 1.3
    tls13_change_key TLS version 0x303 is not 1.3
    record: offset = 328, reported_length_remaining = 2330
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 2197, ssl state 0x197
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 11 offset 333 length 2193 bytes, remaining 2530
    Calculating hash with offset 333 2197
    lookup(KeyID)[20]:
    | d4 88 42 e9 5d 7a c0 36 9d 5b d2 65 8f f4 0c 54 |..B.]z.6.[.e...T|
    | 54 d7 0f 30                                     |T..0            |
    ssl_find_private_key_by_pubkey: lookup result: (nil)
    record: offset = 2530, reported_length_remaining = 128
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 114, ssl state 0x197
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 12 offset 2535 length 110 bytes, remaining 2649
    Calculating hash with offset 2535 114
    record: offset = 2649, reported_length_remaining = 9
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 4, ssl state 0x197
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 14 offset 2654 length 0 bytes, remaining 2658
    Calculating hash with offset 2654 4
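
An added example, not part of the original post and not Wireshark code: a sanity check for a key log file in the NSS key log format that SSLKEYLOGFILE produces. For a TLS 1.2 session such as the one in the log above (version 0x0303), the file must hold a `CLIENT_RANDOM` line whose first value equals the Client Hello random of that session. The function names and the sample key log are assumptions made up for this example.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
# Label -> allowed secret lengths in hex characters. Labels outside this
# table (e.g. RSA, EXPORTER_SECRET) are reported rather than validated.
LABELS = {
    "CLIENT_RANDOM": {96},                        # TLS <= 1.2: 48-byte master secret
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {64, 96},  # TLS 1.3 (SHA-256 / SHA-384)
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {64, 96},
    "CLIENT_TRAFFIC_SECRET_0": {64, 96},
    "SERVER_TRAFFIC_SECRET_0": {64, 96},
}

def parse_keylog(text):
    """Return ({client_random: {label, ...}}, [(line_no, problem), ...])."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in LABELS:
            problems.append((n, "label not checked here or malformed line"))
            continue
        label, rand, secret = parts
        if not (HEX.fullmatch(rand) and len(rand) == 64):
            problems.append((n, "client random is not 32 bytes of hex"))
        elif not (HEX.fullmatch(secret) and len(secret) in LABELS[label]):
            problems.append((n, "secret has wrong length or is not hex"))
        else:
            entries.setdefault(rand.lower(), set()).add(label)
    return entries, problems

def tls12_decryptable(text, client_random):
    """True if the log holds a master secret for this TLS 1.2 Client Hello random."""
    entries, _ = parse_keylog(text)
    return "CLIENT_RANDOM" in entries.get(client_random.lower(), set())

# Constructed sample: all values are made up, none come from the post.
RANDOM_A = "aa" * 32   # Client Hello random of the session being inspected
RANDOM_B = "bb" * 32   # Client Hello random of some other session
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file",
    f"CLIENT_RANDOM {RANDOM_B} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_A} {'22' * 32}",
    f"CLIENT_RANDOM {RANDOM_A} {'33' * 47}",   # truncated master secret
])

if __name__ == "__main__":
    print(parse_keylog(SAMPLE)[1])
    print(tls12_decryptable(SAMPLE, RANDOM_A), tls12_decryptable(SAMPLE, RANDOM_B))
```

The Client Hello random to pass in is the 32-byte Random field shown in the Client Hello of the captured handshake, written as 64 hex characters.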
