Cannot decrypt HTTPS with Wireshark. The steps done are described as follows. Can anybody help to throw light on this? Thanks!
Step 1: start an HTTP server
C:\Users\ebinshe\Documents\projects\test-openssl
λ echo 'hello, world.' >index.txt
C:\Users\ebinshe\Documents\projects\test-openssl
λ openssl s_server -key key.pem -cert cert.pem -WWW
Using default temp DH parameters
ACCEPT
Step 2: test it with "openssl" and catch the traffic with "RawCap.exe"
C:\Users\ebinshe\Documents\projects\test-openssl
λ openssl s_client -crlf -cipher 'DHE-RSA-AES128-SHA' -host localhost -port 4433 -no_tls1_2
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
---
Certificate chain
0 s:/CN=localhost
i:/CN=localhost
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 1890 bytes and written 442 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : DHE-RSA-AES128-SHA
Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
Session-ID-ctx:
Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Compression: 1 (zlib compression)
Start Time: 1509640881
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
GET /index.txt HTTP/1.1
HTTP/1.0 200 ok
Content-type: text/plain
'hello, world.'
read:errno=0
Step 3: create key.log from
Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
The resulting key.log:
CLIENT_RANDOM 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
Step 4: point Wireshark SSL "(Pre)-Master-Secret log filename" to it.
Load the traffic with Wireshark. The SSL data frames are not decrypted.
The Wireshark SSL debug log:
λ cat debug.log
Wireshark SSL debug log
Wireshark version: 2.4.2 (v2.4.2-0-gb6c63ae086)
GnuTLS version: 3.4.11
Libgcrypt version: 1.7.6
dissect_ssl enter frame #463 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 95, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100
Calculating hash with offset 5 95
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #465 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 1460
ssl_try_set_version found version 0x0302 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
Calculating hash with offset 5 58
ssl_try_set_version found version 0x0302 -> state 0x11
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA -> state 0x17
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
tls13_change_key TLS version 0x302 is not 1.3
tls13_change_key TLS version 0x302 is not 1.3
record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 777, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
Calculating hash with offset 68 777
lookup(KeyID)[20]:
| 73 ab d9 0c d6 09 d6 06 b9 d7 28 b9 25 12 85 bb |s.........(.%...|
| c2 14 09 02 |.... |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
record: offset = 845, reported_length_remaining = 615
need_desegmentation: offset = 845, reported_length_remaining = 615
dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 781, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786
Calculating hash with offset 5 781
dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
Calculating hash with offset 5 4
dissect_ssl enter frame #468 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
Calculating hash with offset 5 262
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret
record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342
dissect_ssl enter frame #470 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 170, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
Calculating hash with offset 5 170
ssl_save_master_key not saving empty (pre-)master secret for Session Ticket!
record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_finalize_decryption state = 0x417
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250
dissect_ssl enter frame #472 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 80, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #474 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 112, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #478 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert
decrypt_ssl3_record: app_data len 48, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #463 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100
dissect_ssl enter frame #465 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1460
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
record: offset = 845, reported_length_remaining = 615
need_desegmentation: offset = 845, reported_length_remaining = 615
dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786
dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
dissect_ssl enter frame #468 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342
dissect_ssl enter frame #470 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250
dissect_ssl enter frame #472 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #474 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #478 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert
dissect_ssl enter frame #474 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
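
An added example, not part of the original post: a small Python check that compares a hand-built key log with what the Wireshark SSL debug log says it read, using the log line formats shown above. It assumes the NSS key log format, in which the first field of a CLIENT_RANDOM line is the 32-byte random from the ClientHello and the second is the 48-byte master secret; the hex values are constructed stand-ins, and the names parse_keylog and diagnose are invented here.

```python
import re

HEX = r"[0-9A-Fa-f]"
# NSS key log line: CLIENT_RANDOM <32-byte ClientHello random> <48-byte master secret>
KEYLOG_RE = re.compile(rf"^CLIENT_RANDOM ({HEX}{{64}}) ({HEX}{{96}})$")


def parse_keylog(text):
    """Return {client_random: master_secret} for well-formed CLIENT_RANDOM lines."""
    entries = {}
    for line in text.splitlines():
        m = KEYLOG_RE.match(line.strip())
        if m:
            entries[m.group(1).upper()] = m.group(2).upper()
    return entries


def diagnose(debug_log, keylog_text, session_id=None):
    """Compare the key log you wrote with what the debug log says Wireshark read."""
    findings = []
    wanted = parse_keylog(keylog_text)
    if not wanted:
        findings.append("key log has no well-formed CLIENT_RANDOM line")
    # Path(s) of the key log file Wireshark actually opened.
    paths = {p.strip() for p in
             re.findall(r"trying to use SSL keylog in (.+)", debug_log)}
    # Client-random fields of the key log lines Wireshark parsed.
    checked = {c.upper() for c in re.findall(
        rf"checking keylog line: CLIENT_RANDOM ({HEX}{{64}}) ", debug_log)}
    for p in sorted(paths):
        findings.append(f"Wireshark read key log file: {p}")
    for cr in wanted:
        if cr not in checked:
            findings.append(f"entry {cr[:8]}... was never checked by Wireshark")
        if session_id and cr == session_id.upper():
            findings.append(
                f"entry {cr[:8]}... is the Session-ID, not the ClientHello random")
    if "can't find master secret by Client Random" in debug_log:
        findings.append(
            "Wireshark reported no master secret for the session's client random")
    return findings


# Constructed stand-in values (not the ones from the post).
SESSION_ID = "02" * 32      # what s_client prints as Session-ID
MASTER_KEY = "9A" * 48      # what s_client prints as Master-Key
OTHER_RANDOM = "DC" * 32    # entry found in the file Wireshark really opened
OTHER_SECRET = "4D" * 48
KEY_LOG = f"CLIENT_RANDOM {SESSION_ID} {MASTER_KEY}\n"
DEBUG_LOG = "\n".join([
    r"trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log",
    "checking keylog line: # SSL/TLS secrets log file, generated by NSS",
    " unrecognized line",
    f"checking keylog line: CLIENT_RANDOM {OTHER_RANDOM} {OTHER_SECRET}",
    " matched client_random",
    "ssl_restore_master_key can't find master secret by Client Random",
    "Cannot find master secret",
])

if __name__ == "__main__":
    for finding in diagnose(DEBUG_LOG, KEY_LOG, SESSION_ID):
        print("-", finding)
```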