1
Vote

Decryption not support for SSL2.0

description

Issue1:
Here's an issue found when trying to decrpted the captures that are encrypted using SSL2.0.
 
An error message poped out when running expert to decrept DES_SSL2.0_Win7.cap in attached Issue1.zip.
 
"No Frames were decrypted, Netmon Filter Set may not match with current parser version. Use parser version 3.4.2371.1 or greater."
 
It may need to update the filter set for SSL2.0
 
Issue2:
No error shows when running expert to decrept LSDAP_RC4_SSL2.0.cap in attached Issue2.zip. But there's no data decrepted, as no frame has been filtered out when applyed this filter "DecryptedPayloadHeader"
 
Repro steps:
  1. Install Netmon.msi 3.4.2350.0000 + NetworkMonitor_Parsers_Internal 03.04.2601.0001 + NmDecryp Expert 2.2.
  2. Open the capture and run expert
  3. Start the expert with the certificat and password

file attachments

comments

SandyYe wrote Apr 22, 2011 at 10:23 AM

Attached the DES_SSL2.0_Win7_Dec.cap for issue1, which is a decrpted capture found in out test pool. It seem that it can be decrypted previously

wrote Feb 14, 2013 at 7:16 PM