Some HTTPS packets cannot be decrypted
Summary
When I use the configured ssl_key.log file to decrypt HTTPS packets, the later packets in the same TLS stream cannot be completely decrypted. But the HTTPS packets at the front of the same TLS stream can be decrypted correctly.
Steps to reproduce
Almost every time I capture larger video traffic of 10MB or more, I encounter it. I can only get a small number of correctly decrypted HTTP packets at the front of the flow; for most of the later packets I can only get the decrypted request packets, and the response messages cannot be decrypted.
What is the current bug behavior?
As we can see, after No. 4687, the decrypted HTTP response messages cannot be seen. I am sure I received the response message because I also used Chrome’s developer tools to capture the network log.
The second screenshot shows the HTTP2 request message in Wireshark, and I use the range in the header to locate the response message in Chrome's developer tools, as shown in the third screenshot.
Unfortunately, as you can see in the last picture, the response message cannot be found in Wireshark.
Sample capture file
The sample capture file is too large to upload. As I said before, this happens only when the stream length exceeds a certain size. If you need more info about the packets, you can contact me.
My attempt
I have activated the "Reassemble out-of-order segments" option but it didn't work.
Build information
Version 3.4.5 (v3.4.5-0-g7db1feb42ce9)
Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.15.1, with libpcap, with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler), with Minizip.
Running on 64-bit Windows 10 (2009), build 19042, with AMD Ryzen 7 3700X 8-Core Processor (with SSE4.2), with 16334 MB of physical memory, with locale Chinese (Simplified)_China.utf8, with light display mode, without HiDPI, with Npcap version 1.20, based on libpcap version 1.10.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (21 loaded). Built using Microsoft Visual Studio 2019 (VC++ 14.28, build 29910).