Protocol version may be different as well...

> On 25 Jul 2014, at 14:27, Chris Campbell <ch...@ctcampbell.com> wrote:
> 
> Chrome and Firefox use the same TLS codebase and have a preference for more 
> secure cipher suites. In this case they are probably negotiating a suite that 
> doesn't allow decryption with just the server key. 
> 
>> On 17 Mar 2014, at 22:13, Robin Wood <ro...@digininja.org> wrote:
>> 
>> I'm trying to look at decrypting HTTPS/SSL traffic. I've created a
>> server using openssl:
>> 
>> openssl s_server -www -cipher AES256-SHA -key server.pem -cert server.crt -accept 443
>> 
>> and connect to it using
>> 
>> echo -e  "GET / HTTP/1.0\r\n" | openssl s_client  -connect localhost:443
>> 
>> I'm then sniffing the traffic using tshark
>> 
>> tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,443,http,/etc/ssl/mine/server.pem" -o "ssl.debug_file: ./wireshark-log" -i lo -R "tcp.port == 443" -2
>> 
>> This has the same server.pem file as the server so it should be able
>> to decrypt things without any problems.
>> 
>> Watching the wireshark-log file this works fine and I get cleartext in the log.
>> 
>> Same if I connect through curl or wget.
>> 
>> If I then try through either Firefox or Chrome I get a load of output
>> in the log but no decrypted data. What would cause this?
>> 
>> If I use Apache to run the server rather than openssl I don't get any
>> decryption regardless of what client I get.
>> 
>> What am I doing wrong?
>> 
>> I'm getting most of my info from Mark's article from 2010, I've had to
>> tweak a few bits but there is a difference between what I'm getting
>> and what Mark got.
>> 
>> http://securityweekly.com/2010/10/tsharkwireshark-ssl-decryption.html
>> 
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom@mail.securityweekly.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com