https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16513
Peter Wu <pe...@lekensteyn.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Capture file support |Dissection engine
|(libwiretap) |(libwireshark)
--- Comment #6 from Peter Wu <pe...@lekensteyn.nl> ---
Wireshark 3.1.x is an old development build, please try the stable build first.
I suspect that you have some "antivirus" (AV) software installed that
terminates your HTTPS connections. Although your keylog file is non-empty, it
only contains TLS 1.2 keys (label CLIENT_RANDOM) whereas some of the captured
TLS connections use TLS 1.3:
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0x1301 TLS_AES_128_GCM_SHA256 -> state 0x97
...
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption
impossible
To validate this theory, check the certificate that you see in your browser.
Disable your AV and try again to make things work. You can also try capturing
on the loopback interface, maybe you will be able to capture traffic between
your browser and AV.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
