Hello,
I have a device in a network doing SSL sniffing (man in the middle). I have the private key that it uses (this key is manually trusted by the hosts). When I install the private key into Wireshark and open a capture, I do not see any clear text packets.
I also don't appear to be using DH, which seems to be a common issue.
Some of the logs:
dissect_ssl enter frame #74 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1460

dissect_ssl enter frame #75 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1415

dissect_ssl enter frame #76 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 4
decrypt_ssl3_record: app_data len 4, ssl state 0x10
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9

dissect_ssl enter frame #80 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\mykey.KEY
ssl_load_keyfile failed to open SSL keylog
ssl_finalize_decryption state = 0x210
Cipher suite (Server Hello) is missing!
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER