couldn't decrypt the outter-EAP TLS connection in RADIUS EAP-TTLS

This issue was migrated from bug 11642 in our old bug tracker.

Original bug information:

Reporter: eroshan
Status: RESOLVED NOTABUG
Product: Wireshark
Component: Capture file support (libwiretap)
OS: Windows 7
Platform: x86
Version: 1.12.8

Attachments:

server-key.pem: server key
eapttls_gtc.pcapng: EAP-TTLS packet capture
eapttls_1_12.pcapng: EAP TTLS capture with updated wireshark

eroshan said:

Created attachment 13941 server key

Build Information: Version 1.10.2 (SVN Rev 51934 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <gerald@‍wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 10 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap. Intel(R) Xeon(R) CPU E5-1650 0 @ 3.20GHz, with 16307MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

We couldn't decrypt the outter-EAP TLS connection in RADIUS EAP-TTLS exchange using the attached server key.

added libwiretap oswindows version1.12 labels

eroshan said:

Created attachment 13942 EAP-TTLS packet capture

The packet capture, we tried to decrypt

Alexis La Goutte said:

Hi,

Can You try with last 1.12 ? (Or 2.0rcX) Because 1.10 is no longer supported

eroshan said:

Created attachment 13943 EAP TTLS capture with updated wireshark

tested with Wireshark Version 1.12.8 (v1.12.8-0-g5b6e5432 from master-1.12)

issue still exists

Alexis La Goutte said:

After try with last git branch (it is recommended.. http://security.stackexchange.com/questions/70981/decoding-tunnel-bytes-in-eap-tls-or-eap-ttls-using-wireshark ) and enable SSL debug

[...]
dissect_ssl enter frame #35 (first time)
packet_from_server: is from server - TRUE
  conversation = 0x1201bd8e0, ssl_session = 0x1201bdcf0
  record: offset = 0, reported_length_remaining = 3216
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 49
decrypt_ssl3_record: app_data len 49, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 45 bytes, remaining 54
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_dissect_hnd_srv_hello found CIPHER 0x0039 -> state 0x17
[...]

Wireshark can't decrypt because SSL handshake use DH ( https://ask.wireshark.org/questions/7886/ssl-decrypting-problem )


Peter, you confirm ?

Peter Wu said:

This capture is indeed using a DHE cipher suite which cannot be decrypted using a RSA key (a RSA key is only used to sign the DH parameters, the actual key is never visible due to how Diffie-Hellman works).

Frame 35: 284 bytes on wire (2272 bits), 284 bytes captured (2272 bits) on interface 0
[..]
Radius Protocol
  Code: Access-Challenge (11)
[..]
        Secure Sockets Layer
          TLSv1 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.0 (0x0301)
            Length: 49
            Handshake Protocol: Server Hello
[..]
              Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

closed