Revision history
TLSv1.2 traffic not getting decrypted
I have tcpdump (pcap file) from a Linux server which is listening to requests on a port from a load balancer. I have keys for the RSA load balancer/Linux keys. I configured Wireshark to decrypt SSL traffic -
0.0.0.0 http loadbalancer-rsa-decrypted-key-file
BUT it doesn't decrypt the traffic for me to analyze.
The cipher chosen by the server is - Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
ssl debug log
Is it because of TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384?
dissect_ssl enter frame #2439 (first time)
packet_from_server: is from server - TRUE
conversation = 0x11b094450, ssl_session = 0x11b094e80
record: offset = 0, reported_length_remaining = 79
ssl_try_set_version found version 0x0303 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 74, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 79
ssl_try_set_version found version 0x0303 -> state 0x11
Calculating hash with offset 5 74
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0035 TLS_RSA_WITH_AES_256_CBC_SHA -> state 0x17
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3
dissect_ssl enter frame #2491 (first time)
packet_from_server: is from server - TRUE
conversation = 0x11b09dae0, ssl_session = 0x11b09e760
record: offset = 0, reported_length_remaining = 86
ssl_try_set_version found version 0x0303 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 81, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
ssl_try_set_version found version 0x0303 -> state 0x11
Calculating hash with offset 5 81
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 -> state 0x17
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_load_secret TLS version 0x303 is not 1.3
tls13_load_secret TLS version 0x303 is not 1.3
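The debug log above records two handshakes that negotiated different suites, 0x0035 (TLS_RSA_WITH_AES_256_CBC_SHA) and 0xC028 (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384). The following added example, which is not part of the original post or of Wireshark, parses the `ssl_set_cipher` lines and reports per frame whether a server RSA private key can recover the session keys or whether per-session secrets from a key log file are needed; the function names are assumptions made for this illustration.

```python
import re

# Excerpt of the debug-log lines quoted in the question above (two sessions).
SAMPLE_LOG = """\
dissect_ssl enter frame #2439 (first time)
ssl_set_cipher found CIPHER 0x0035 TLS_RSA_WITH_AES_256_CBC_SHA -> state 0x17
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
dissect_ssl enter frame #2491 (first time)
ssl_set_cipher found CIPHER 0xC028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 -> state 0x17
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
"""

FRAME_RE = re.compile(r"dissect_ssl enter frame #(\d+)")
CIPHER_RE = re.compile(r"ssl_set_cipher found CIPHER (0x[0-9A-Fa-f]{4}) (TLS_\S+)")


def key_exchange(suite):
    """Return the key-exchange part of an IANA suite name, e.g. 'ECDHE_RSA'."""
    body = suite[len("TLS_"):]
    # TLS 1.3 names have no _WITH_ and always use an ephemeral exchange.
    return body.split("_WITH_")[0] if "_WITH_" in body else "TLS13_EPHEMERAL"


def triage(log_text):
    """List each negotiated suite and the key material decryption needs."""
    sessions, frame, keylog_missing = [], None, False
    for line in log_text.splitlines():
        if m := FRAME_RE.search(line):
            frame = int(m.group(1))
        elif m := CIPHER_RE.search(line):
            kx = key_exchange(m.group(2))
            sessions.append({
                "frame": frame,
                "cipher_id": m.group(1),
                "suite": m.group(2),
                "key_exchange": kx,
                # Only static RSA key transport exposes the premaster secret
                # to the holder of the server's RSA private key.
                "rsa_key_sufficient": kx == "RSA",
            })
        elif "keylog_file is not configured" in line:
            keylog_missing = True
    for s in sessions:
        s["needs"] = ("RSA private key" if s["rsa_key_sufficient"]
                      else "per-session secrets (key log file)")
        s["keylog_configured"] = not keylog_missing
    return sessions

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Even for a suite reported as `rsa_key_sufficient`, the capture must contain the full handshake including the ClientKeyExchange; a resumed session cannot be decrypted from the private key alone.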
TLSv1.2 traffic not getting decrypted
I have tcpdump (pcap file) from a Linux server which is listening to requests on a port from a Netscaler load balancer.
I have keys for the RSA netscaler/linux keys.
I configured Wireshark to decrypt SSL traffic -
0.0.0.0 http netscaler-rsa-decrypted-key-file
BUT it doesn't decrypt the traffic for me to analyze.
The supported Ciphers on the URL are -
ssl2: EXP-RC2-CBC-MD5
ssl2: RC4-MD5
ssl2: EXP-RC4-MD5
ssl2: DES-CBC3-MD5
ssl2: DES-CBC-MD5
ssl2: EXP-RC2-CBC-MD5
ssl2: RC2-CBC-MD5
ssl2: EXP-RC4-MD5
ssl2: RC4-MD5
ssl3: ADH-SEED-SHA
ssl3: DHE-RSA-SEED-SHA
ssl3: DHE-DSS-SEED-SHA
ssl3: SEED-SHA
ssl3: ADH-AES256-SHA
ssl3: DHE-RSA-AES256-SHA
ssl3: DHE-DSS-AES256-SHA
ssl3: AES256-SHA
ssl3: ADH-AES128-SHA
ssl3: DHE-RSA-AES128-SHA
ssl3: DHE-DSS-AES128-SHA
ssl3: AES128-SHA
ssl3: ADH-DES-CBC3-SHA
ssl3: ADH-DES-CBC-SHA
ssl3: EXP-ADH-DES-CBC-SHA
ssl3: ADH-RC4-MD5
ssl3: EXP-ADH-RC4-MD5
ssl3: EDH-RSA-DES-CBC3-SHA
ssl3: EDH-RSA-DES-CBC-SHA
ssl3: EXP-EDH-RSA-DES-CBC-SHA
ssl3: EDH-DSS-DES-CBC3-SHA
ssl3: EDH-DSS-DES-CBC-SHA
ssl3: EXP-EDH-DSS-DES-CBC-SHA
ssl3: DES-CBC3-SHA
ssl3: DES-CBC-SHA
ssl3: EXP-DES-CBC-SHA
ssl3: EXP-RC2-CBC-MD5
ssl3: RC4-SHA
ssl3: RC4-MD5
ssl3: EXP-RC4-MD5
ssl3: EXP-RC2-CBC-MD5
ssl3: EXP-RC4-MD5
ssl3: RC4-MD5
ssl3: NULL-SHA
ssl3: NULL-MD5
tls1: ADH-SEED-SHA
tls1: DHE-RSA-SEED-SHA
tls1: DHE-DSS-SEED-SHA
tls1: SEED-SHA
tls1: ADH-AES256-SHA
tls1: DHE-RSA-AES256-SHA
tls1: DHE-DSS-AES256-SHA
tls1: AES256-SHA
tls1: ADH-AES128-SHA
tls1: DHE-RSA-AES128-SHA
tls1: DHE-DSS-AES128-SHA
tls1: AES128-SHA
tls1: ADH-DES-CBC3-SHA
tls1: ADH-DES-CBC-SHA
tls1: EXP-ADH-DES-CBC-SHA
tls1: ADH-RC4-MD5
tls1: EXP-ADH-RC4-MD5
tls1: EDH-RSA-DES-CBC3-SHA
tls1: EDH-RSA-DES-CBC-SHA
tls1: EXP-EDH-RSA-DES-CBC-SHA
tls1: EDH-DSS-DES-CBC3-SHA
tls1: EDH-DSS-DES-CBC-SHA
tls1: EXP-EDH-DSS-DES-CBC-SHA
tls1: DES-CBC3-SHA
tls1: DES-CBC-SHA
tls1: EXP-DES-CBC-SHA
tls1: EXP-RC2-CBC-MD5
tls1: RC4-SHA
tls1: RC4-MD5
tls1: EXP-RC4-MD5
tls1: EXP-RC2-CBC-MD5
tls1: EXP-RC4-MD5
tls1: RC4-MD5
tls1: NULL-SHA
tls1: NULL-MD5