WiresharkでHTTPSトラフィックを復号化できない

Question

Windows Server 2008 R2上でWireshark 1.8.6を実行していて、受信したHTTPS通信を復号化して問題をデバッグしようとしています。

RSA鍵リストが正しく設定されていますが、Wiresharkは何らかの理由でSSLトラフィックを復号化しません。私はこれを以前他のクライアントシステムとのやりとりをデバッグする間に動作させるようにしたので、TLSがここで使用されている特定のものかどうか疑問に思っています（Diffie-Hellmanを使用している場合、それが使用されているかどうかを確認してください）。

次のように私は私のRSAキーリストのエントリを持っている：

私Wiresharkのトレースで

IP Address: 192.168.1.27 (the IP address of the server) 
Port: 7447 
Protocol: http 
Key File: set to my .pem (which I created using openssl from a .pfx containing both the public and private key). 
Password: blank because it doesn't seem to need it for a .pem (Wireshark actually throws an error if I enter one). 

、私は右クリック（クライアントこんにちは、サーバこんにちはなく、アプリケーションデータが復号化されていない見ることができます - > [フォローSSLをストリームには何も表示されません）。

私のSSLログが下に貼り付けられています - ここに何かがありますが、私はそれが解読に失敗した理由を教えてくれませんか？

packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16) 
dissect_ssl3_handshake can't decrypt pre master secret 
    record: offset = 267, reported_length_remaining = 59 

SSLログイン：KEX_RSA（16）とは異なる

ssl_association_remove removing TCP 7447 - http handle 00000000041057D0 
Private key imported: KeyID 02:bb:83:4f:80:cf:39:59:39:cd:74:ab:b4:4b:c7:20:... 
ssl_load_key: swapping p and q parameters and recomputing u 
ssl_init IPv4 addr '192.168.1.27' (192.168.1.27) port '7447' filename 'C:\Users\username\Desktop\Certs\server_cert.pem.pem' password(only for p12 file) '' 
ssl_init private key file C:\Users\username\Desktop\Certs\server_cert.pem.pem successfully loaded. 
association_add TCP port 7447 protocol http handle 00000000041057D0 

dissect_ssl enter frame #2968 (first time) 
ssl_session_init: initializing ptr 0000000006005E40 size 680 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 123 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 118, ssl state 0x00 
association_find: TCP port 59050 found 0000000000000000 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 
packet_from_server: is from server - FALSE 
ssl_find_private_key server 192.168.1.27:7447 
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01 

dissect_ssl enter frame #2971 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 326 
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 262, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16) 
dissect_ssl3_handshake can't decrypt pre master secret 
    record: offset = 267, reported_length_remaining = 59 
dissect_ssl3_record: content_type 20 Change Cipher Spec 
dissect_ssl3_change_cipher_spec 
packet_from_server: is from server - FALSE 
ssl_change_cipher CLIENT 
    record: offset = 273, reported_length_remaining = 53 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 48, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 166 offset 278 length 4253081 bytes, remaining 326 

dissect_ssl enter frame #2972 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 59 
dissect_ssl3_record: content_type 20 Change Cipher Spec 
dissect_ssl3_change_cipher_spec 
packet_from_server: is from server - TRUE 
ssl_change_cipher SERVER 
    record: offset = 6, reported_length_remaining = 53 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 48, ssl state 0x11 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 8 offset 11 length 5212462 bytes, remaining 59 

dissect_ssl enter frame #2973 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 277 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 272, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #2990 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 53 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 48, ssl state 0x11 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #2991 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 1380 
    need_desegmentation: offset = 0, reported_length_remaining = 1380 

dissect_ssl enter frame #2999 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 8565 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 8560, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #3805 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 389 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 384, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #3807 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 53 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 48, ssl state 0x11 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #3808 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 1380 
    need_desegmentation: offset = 0, reported_length_remaining = 1380 

dissect_ssl enter frame #3815 (first time) 
    conversation = 00000000060056C0, ssl_session = 0000000006005E40 
    record: offset = 0, reported_length_remaining = 8469 
dissect_ssl3_record: content_type 23 Application Data 
decrypt_ssl3_record: app_data len 8464, ssl state 0x11 
packet_from_server: is from server - FALSE 
decrypt_ssl3_record: using client decoder 
decrypt_ssl3_record: no decoder available 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #2968 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 123 
dissect_ssl3_record: content_type 22 Handshake 
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

dissect_ssl enter frame #2971 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 326 
dissect_ssl3_record: content_type 22 Handshake 
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
    record: offset = 267, reported_length_remaining = 59 
dissect_ssl3_record: content_type 20 Change Cipher Spec 
dissect_ssl3_change_cipher_spec 
    record: offset = 273, reported_length_remaining = 53 
dissect_ssl3_record: content_type 22 Handshake 
dissect_ssl3_handshake iteration 1 type 166 offset 278 length 4253081 bytes, remaining 326 

dissect_ssl enter frame #2973 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 277 
dissect_ssl3_record: content_type 23 Application Data 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #2999 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 8565 
dissect_ssl3_record: content_type 23 Application Data 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #3805 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 389 
dissect_ssl3_record: content_type 23 Application Data 
association_find: TCP port 59050 found 0000000000000000 
association_find: TCP port 7447 found 0000000004FCF520 

dissect_ssl enter frame #2968 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 123 
dissect_ssl3_record: content_type 22 Handshake 
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

dissect_ssl enter frame #2968 (already visited) 
    conversation = 00000000060056C0, ssl_session = 0000000000000000 
    record: offset = 0, reported_length_remaining = 123 
dissect_ssl3_record: content_type 22 Handshake 
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

Answer 1

ssl_decrypt_pre_master_secret鍵交換0私は私を心配するが、私はそれを解釈するかどうかはわかりません。このようないくつかのエントリを参照してくださいあなたは完全転送SECRを提供している、DHE暗号スイート（少なくともないRSA鍵交換と暗号スイート）を使用しているように見えます

ecyを使用し、秘密鍵を持っていてもこれらのパケットの復号化を防ぐことができます。

あなたはに興味があるかもしれない：これはデバッグ用であれば、DHE暗号スイートをオフにしてみてください

• This Security.SE question
• SSL/TLS & Perfect Forward Secrecy by Vincent Bernat

。

WiresharkのServer Helloパケットを調べることで、使用している暗号スイートを確認できるはずです。

---

新しいバージョンも（Wireshark wiki SSL pageのセクション「（前） - マスター・シークレット使うを」を読んで）直接プレマスターシークレットを使用することができます。場合によってはクライアント側から取得できる可能性があります。いずれにしても、これが機能するには、2つの当事者のうちの1つからプレマスターの秘密を取得する必要があります。ここでのWiresharkのwikiのそのセクションからのリンクのカップルです：

• Ask.Wireshark: Follow SSL stream using Master-key and Session-ID
• Security.SE: Decrypting TLS in Wireshark when using DHE_RSA ciphersuites