I'm trying to decrypt my tls pcap trace using ssldump and it doesn't work, but I'm able to do it in wireshark, providing correct keys and certificates (so I supposed they don't have any problem).
I'm asking if someone has a tested ssl trace to share togheter with the related certificates/keys, so I can understand if the problem is a ssldump bug, or just my fault. I was looking on the internet but I can't find anything useful...
I also installed the patch #8 from http://sourceforge.net/p/ssldump/patches/
I work on CentOS 6, OpenSSL version 1.0.1j
Thanks
Update
I download from wireshark sample captures wiki the following trace+key
SSL with decryption keys File: snakeoil2_070531.tgz Description: Example of SSL encrypted HTTPS traffic and the key to decrypt it. (example taken from the dev mailinglist)
and I'm able to see all the decrypted HTTP data traffic via wireshark.
Again, with SSldump I'm not able to decrypt the application data traffic. My output is the following:
$ ssldump -r snakeoil2.cap -k snakeoil2.key -d
New TCP connection #1: localhost(38713) <-> localhost(443)
1 1 0.0001 (0.0001) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL2_CK_RC4
SSL2_CK_RC2
SSL2_CK_3DES
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
Unknown value 0xfefe
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0021 (0.0020) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
a0 fb 60 86 3d 1e 76 f3 30 fe 0b 01 fd 1a 01 ed
95 f6 7b 8e c0 d4 27 bf f0 6e c7 56 b1 47 ce 98
cipherSuite SSL_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
1 3 0.0021 (0.0000) S>C Handshake
Certificate
1 4 0.0021 (0.0000) S>C Handshake
ServerHelloDone
1 5 2.8089 (2.8067) C>S Handshake
ClientKeyExchange
1 6 2.8089 (0.0000) C>S ChangeCipherSpec
1 7 2.8089 (0.0000) C>S Handshake
1 8 2.8227 (0.0138) S>C ChangeCipherSpec
1 9 2.8227 (0.0000) S>C Handshake
1 10 2.8330 (0.0103) C>S application_data
1 11 2.9384 (0.1054) S>C Handshake
1 12 2.9387 (0.0002) C>S Handshake
1 13 2.9389 (0.0002) S>C Handshake
1 14 2.9389 (0.0000) S>C Handshake
1 15 2.9389 (0.0000) S>C Handshake
1 16 2.9400 (0.0010) C>S Handshake
1 17 2.9400 (0.0000) C>S ChangeCipherSpec
1 18 2.9400 (0.0000) C>S Handshake
1 19 2.9434 (0.0033) S>C ChangeCipherSpec
1 20 2.9434 (0.0000) S>C Handshake
1 21 2.9448 (0.0014) S>C application_data
1 22 2.9448 (0.0000) S>C application_data
1 23 2.9644 (0.0195) C>S application_data
New TCP connection #2: localhost(38714) <-> localhost(443)
2 1 0.0002 (0.0002) C>S Handshake
ClientHello
Version 3.0
resume [32]=
a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50
d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55
cipher suites
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
Unknown value 0xfefe
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
2 2 0.0277 (0.0274) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50
d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55
cipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL
2 3 0.0277 (0.0000) S>C ChangeCipherSpec
2 4 0.0277 (0.0000) S>C Handshake
2 5 0.0282 (0.0005) C>S ChangeCipherSpec
2 6 0.0282 (0.0000) C>S Handshake
2 7 0.0282 (0.0000) C>S application_data
2 8 0.0289 (0.0006) S>C application_data
2 9 0.0289 (0.0000) S>C application_data
2 10 0.0292 (0.0003) C>S application_data
2 11 0.0296 (0.0003) S>C application_data
2 12 0.0296 (0.0000) S>C application_data
1 24 3.5016 (0.5372) S>C application_data
1 25 3.5016 (0.0000) S>C application_data
2 13 0.5424 (0.5128) C>S application_data
2 14 0.5429 (0.0005) S>C application_data
2 15 0.5429 (0.0000) S>C application_data
1 26 6.0378 (2.5362) C>S application_data
1 27 6.0411 (0.0033) S>C application_data
1 28 6.0411 (0.0000) S>C application_data
2 16 3.1243 (2.5814) C>S application_data
2 17 3.1455 (0.0212) S>C application_data
2 18 3.1455 (0.0000) S>C application_data
1 29 9.2325 (3.1914) C>S application_data
1 30 9.2359 (0.0033) S>C application_data
1 31 9.2359 (0.0000) S>C application_data
1 32 9.3185 (0.0826) C>S application_data
2 19 6.3589 (3.2133) C>S application_data
1 33 9.3276 (0.0090) S>C application_data
1 34 9.3276 (0.0000) S>C application_data
2 20 6.3632 (0.0043) S>C application_data
2 21 6.3632 (0.0000) S>C application_data
1 35 12.3565 (3.0289) C>S application_data
1 36 12.3682 (0.0116) S>C application_data
1 37 12.3682 (0.0000) S>C application_data
Any idea of what error/wrong configuration can prevent me from decrypting?
