Wireshark does not decrypt SSL sessions with gnutls-2.18.12. I downgraded to gnutls-2.10.5 and it works fine again.

Reproducible: Always

Steps to Reproduce:
1. Open Wireshark.
2. Capture a TLS connection where you have access to the private key.
3. Try to decrypt the captured packets using the RSA private key.

Actual Results:
No decryption. I get in ssldebug:
    ssl_decrypt_pre_master_secret wrong pre_master_secret length (59, expected 48)

Expected Results:
Decryption
It works fine for me with gnutls-2.12.20[-nettle] and fails the same way with gnutls-2.12.20[nettle]. So Wireshark somehow depends on gnutls using libgcrypt and not nettle. This should block tracker bug #361315.
Created attachment 325908: wireshark-1.8.3-gnutls-nettle.patch

I'm attaching my patch which fixes this issue. The patch has been sent upstream for review.

Upstream bug report: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6869
Could you please apply this patch to the version in portage? The patch has been upstream since Oct 11. It's even marked by upstream to be backported to the stable 1.8 branch, but I have no idea when they are going to release 1.8.4.
(In reply to comment #3)
> Could you please apply this patch to the version in portage? The patch has
> been upstream since Oct 11. It's even marked by upstream to be backported to
> the stable 1.8 branch, but I have no idea when they are going to release
> 1.8.4.

That's great. We can wait for the official fix, then.
Please test with 1.8.4 and report back. The release notes[1] are awkwardly silent with regard to the upstream bug report.

[1] http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
The patch seems to be in, though.