Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Unsuccessful decryption of TLS v1.2.

Hi. I'm running Wireshark 2.6.1. I have a small .pcap that includes 26 packets: A TCP handshake, a "full" SSL session creation sequence (no session reuse, and including the Client Key Exchange), plus 6 Application Data packets.

I have configured my SSL preferences for decryption, but Wireshark does not decrypt the Application Data packets.

I was given a .pfx file "alleged" to be the right one, but I have my doubts. I have looked at the SSL Debug log, hoping to prove that the .pfx is the wrong one, but I'm unable to tell why the decryption attempt failed - I'm just not that skilled in interpreting those log files (yet!).

I apologize in advance, but I'm very reluctant to attach the trace file itself, due to very strict security constraints at my firm. But I will attach the SSL Debug log. And I will also mention that the Client Key Exchange is in frame 11.

2 questions...

Is the attached SSL Debug log enough for someone on this forum to diagnose why decryption failed?

Is there documentation on the many SSL Debug log messages, which would help me to get better at answering this type of question myself?

Thanx much. C:\fakepath\SSL_Debug_CLEANSED.txt feenyman99