Exercise 7 Question 1l)

0 votes
Hi,

I am pretty sure that the decryption of the early data is not possible, as the CLIENT_EARLY_TRAFFIC_SECRET in the keylog.txt does not seem to be valid for the session.

The Application Data is not being decrypted after providing the keylog.txt in Wireshark.

Can you maybe check again if the decryption is really possible?

Thank you in advance.
by
edit history

1 Answer

0 votes
Hi,

It works for me.

Maybe check your Wireshark version.
I just tested it with version 3.6.2.
This version and any newer version should work.

Cheers,
Sebastian
by (1.5k points)
edit history
0
I am currently running on version 4.6.0 and for me and my friend (running 4.6.1) it is not working :(
by
0
Hi,

I just tested it with version 4.6.0. It does work.

Maybe try to change the keylog file location to some other random file and then change it back to the correct one.

Cheers,
Sebastian
by (1.5k points)
0
Hi,
it's still not working, even after renaming or moving the keylogfile.
Changing the path to a random file did not work either.

The thing is that the whole connection is decrypted using the keylog file, just the early data cannot be decrypted.
by
0
Hi,

If you still want to get points, you will have to ask the tutor in the tutorial tomorrow and show him what you have done.

Otherwise you will not get the points if you got the wrong / no answer.

Cheers,
Sebastian
by (1.5k points)