Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
  • Sign in / Register
wireshark
wireshark
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 1,303
    • Issues 1,303
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 101
    • Merge requests 101
  • Requirements
    • Requirements
    • List
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI/CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Wireshark Foundation
  • wiresharkwireshark
  • Issues
  • #17111

Closed
Open
Created Dec 24, 2020 by Nan Xiao@NanXiao

The TLS/QUIC sessions can't be decrypted

Summary

I tried to decrypt TLS/QUIC sessions with methods introduced in TLS debugging, and it seems some sessions can be decrypted while some not. E.g., for the attached pcap file, The 7th TCP session (use "tcp.stream eq 7" as a filter) can be decrypted, while the 10th not. Furthermore, the QUIC sessions can't be decrypted too (e.g., use "udp.stream eq 1" as a filter). I am not the experts of TLS/QUIC protocols, so maybe I missed something. Could anyone give some clues? Thanks very much in advance!

The keys.txt and pcap files are attached. The wireshark version is:

3.4.2 (v3.4.2-0-ga889cf1b1bf9)

Compiled (64-bit) with Qt 5.12.6, with libpcap, without POSIX capabilities, with
GLib 2.58.3, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.15.0, with Lua
5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with Gcrypt 1.8.7, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4,
with Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with
automatic updates using Sparkle, with SpeexDSP (using system library).

Running on Mac OS X 10.15.7, build 19H2 (Darwin 19.6.0), with Intel(R) Core(TM)
i5-8279U CPU @ 2.40GHz (with SSE4.2), with 16384 MB of physical memory, with
locale C, with light display mode, with HiDPI, with libpcap version 1.9.1, with
GnuTLS 3.6.15, with Gcrypt 1.8.7, with brotli 1.0.9, with zlib 1.2.11, binary
plugins supported (21 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.16).

keys.txt

tls_and_quic.pcapng

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking