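I am trying to decrypt my TLS pcap trace with ssldump and it is not working, but I am able to do it in Wireshark by providing the correct key and certificate (so I think they don't have any problem).
I am asking whether someone has a tested SSL trace, together with the related certificate/key, to share, so I can understand whether the problem is an ssldump bug or my fault. I looked online, but I could not find anything useful...
I also installed patch #8 from http://sourceforge.net/p/ssldump/patches/
I am working on CentOS 6, OpenSSL version 1.0.1j.
Thanks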
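I downloaded the following trace + key from the Wireshark sample captures wiki:
SSL with decryption keys. File: snakeoil2_070531.tgz Description: Example of SSL encrypted HTTPS traffic and the key to decrypt it. (example taken from the dev mailing list)
I can see all the decrypted HTTP data traffic in Wireshark.
Using ssldump on the same files, I cannot decrypt the application data traffic. My output is as follows: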
$ ssldump -r snakeoil2.cap -k snakeoil2.key -d
New TCP connection #1: localhost(38713) <-> localhost(443)
1 1 0.0001 (0.0001) C>S SSLv2 compatible client hello
Version 3.0
cipher suites
SSL2_CK_RC4
SSL2_CK_RC2
SSL2_CK_3DES
SSL2_CK_DES
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
Unknown value 0xfefe
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0021 (0.0020) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
a0 fb 60 86 3d 1e 76 f3 30 fe 0b 01 fd 1a 01 ed
95 f6 7b 8e c0 d4 27 bf f0 6e c7 56 b1 47 ce 98
cipherSuite SSL_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
1 3 0.0021 (0.0000) S>C Handshake
Certificate
1 4 0.0021 (0.0000) S>C Handshake
ServerHelloDone
1 5 2.8089 (2.8067) C>S Handshake
ClientKeyExchange
1 6 2.8089 (0.0000) C>S ChangeCipherSpec
1 7 2.8089 (0.0000) C>S Handshake
1 8 2.8227 (0.0138) S>C ChangeCipherSpec
1 9 2.8227 (0.0000) S>C Handshake
1 10 2.8330 (0.0103) C>S application_data
1 11 2.9384 (0.1054) S>C Handshake
1 12 2.9387 (0.0002) C>S Handshake
1 13 2.9389 (0.0002) S>C Handshake
1 14 2.9389 (0.0000) S>C Handshake
1 15 2.9389 (0.0000) S>C Handshake
1 16 2.9400 (0.0010) C>S Handshake
1 17 2.9400 (0.0000) C>S ChangeCipherSpec
1 18 2.9400 (0.0000) C>S Handshake
1 19 2.9434 (0.0033) S>C ChangeCipherSpec
1 20 2.9434 (0.0000) S>C Handshake
1 21 2.9448 (0.0014) S>C application_data
1 22 2.9448 (0.0000) S>C application_data
1 23 2.9644 (0.0195) C>S application_data
New TCP connection #2: localhost(38714) <-> localhost(443)
2 1 0.0002 (0.0002) C>S Handshake
ClientHello
Version 3.0
resume [32]=
a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50
d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55
cipher suites
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfeff
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
Unknown value 0xfefe
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
compression methods
NULL
2 2 0.0277 (0.0274) S>C Handshake
ServerHello
Version 3.0
session_id[32]=
a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50
d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55
cipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL
2 3 0.0277 (0.0000) S>C ChangeCipherSpec
2 4 0.0277 (0.0000) S>C Handshake
2 5 0.0282 (0.0005) C>S ChangeCipherSpec
2 6 0.0282 (0.0000) C>S Handshake
2 7 0.0282 (0.0000) C>S application_data
2 8 0.0289 (0.0006) S>C application_data
2 9 0.0289 (0.0000) S>C application_data
2 10 0.0292 (0.0003) C>S application_data
2 11 0.0296 (0.0003) S>C application_data
2 12 0.0296 (0.0000) S>C application_data
1 24 3.5016 (0.5372) S>C application_data
1 25 3.5016 (0.0000) S>C application_data
2 13 0.5424 (0.5128) C>S application_data
2 14 0.5429 (0.0005) S>C application_data
2 15 0.5429 (0.0000) S>C application_data
1 26 6.0378 (2.5362) C>S application_data
1 27 6.0411 (0.0033) S>C application_data
1 28 6.0411 (0.0000) S>C application_data
2 16 3.1243 (2.5814) C>S application_data
2 17 3.1455 (0.0212) S>C application_data
2 18 3.1455 (0.0000) S>C application_data
1 29 9.2325 (3.1914) C>S application_data
1 30 9.2359 (0.0033) S>C application_data
1 31 9.2359 (0.0000) S>C application_data
1 32 9.3185 (0.0826) C>S application_data
2 19 6.3589 (3.2133) C>S application_data
1 33 9.3276 (0.0090) S>C application_data
1 34 9.3276 (0.0000) S>C application_data
2 20 6.3632 (0.0043) S>C application_data
2 21 6.3632 (0.0000) S>C application_data
1 35 12.3565 (3.0289) C>S application_data
1 36 12.3682 (0.0116) S>C application_data
1 37 12.3682 (0.0000) S>C application_data
Any idea what bug or misconfiguration is preventing me from decrypting?