Can anybody explain what "Type 21 error" means in Encryption Alert packages? Any reference to the protocol specs concerning these Alerts would be appreciated. Example here: https://www.cloudshark.org/captures/efebf7bba359

asked 13 Feb '16, 03:39 boiiingg
One Answer:
What are you expecting to see? Type 21 is the TLS record type for an Alert Message which is always encrypted. Unless you have supplied sufficient keying material to allow Wireshark to decrypt the alert, that's all Wireshark can report.

answered 14 Feb '16, 10:43 grahamb ♦

Thanks for your reply. I was looking for that actually. But where do I extract the keying info? I've got some experience with decrypting SSL streams having webserver keypairs, importing them in Wireshark. But I don't know if there is a way to obtain keying data from the client side (e.g. is there a browser plugin that can export session keys for analysis?) (15 Feb '16, 00:46) boiiingg

That's a separate Question, but as it has already been asked several times, please don't ask it once more and look through this site for "pre-master key log file export". (15 Feb '16, 01:15) sindy

Also see the Wiki page on SSL, especially the section on decrypting with a pre-master secret. (15 Feb '16, 06:17) grahamb ♦
BTW. If this "type 21" behaviour is according to specs, then different semantics in Wireshark would be an idea?
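
Added example, not part of the original thread: a minimal Python walk over the TLS record layer (TLS 1.2 and earlier, one direction of a connection) showing what an analyzer can read from a type 21 record without keys, namely the 5-byte header, and how the 2-byte alert body (level, description) is only readable before ChangeCipherSpec. The function name, the partial alert table and the sample bytes are constructed for illustration.

```python
import struct

# Record content types, RFC 5246 section 6.2.1
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# A few alert descriptions from RFC 5246 section 7.2 (not the full registry)
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}


def parse_records(stream: bytes):
    """Classify the TLS records sent in ONE direction of a connection."""
    out, offset, cipher_active = [], 0, False
    while offset + 5 <= len(stream):
        # Header: content type (1 byte), version (2 bytes), length (2 bytes)
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:  # capture ends in the middle of a record
            out.append({"type": "truncated", "detail": None})
            break
        detail = None
        if ctype == 21:
            if not cipher_active and length == 2 and body[0] in ALERT_LEVELS:
                desc = ALERT_DESCRIPTIONS.get(body[1], f"description {body[1]}")
                detail = f"{ALERT_LEVELS[body[0]]}: {desc}"
            else:
                # Without keys, only type, version and length are readable
                detail = f"encrypted alert, {length} opaque bytes"
        out.append({"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
                    "detail": detail})
        if ctype == 20:  # records after ChangeCipherSpec are protected
            cipher_active = True
        offset += 5 + length
    return out


# Constructed sample bytes, not taken from the linked capture.
PLAINTEXT_ALERT = bytes.fromhex("15030300020228")  # fatal, handshake_failure
AFTER_CCS = (bytes.fromhex("140303000101")         # ChangeCipherSpec
             + bytes.fromhex("1503030018") + bytes(range(24)))  # type 21, 24 bytes

if __name__ == "__main__":
    for sample in (PLAINTEXT_ALERT, AFTER_CCS):
        print(parse_records(sample))
```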