Doesn't support MS TDS (SSL encrypted) data

description

NmDecrypt 2.3 (2.3.3 failed to compute certificate keys) fails to decrypt the login (or a fully encrypted session) of the SQL Server 2008/2005 MS TDS protocol with SSL/TLS encryption at the login stage.
It didn't try to decrypt the frame with the login data payload (TDS 4.2 Login7 structure). In the debug file below, this is frame id=14.
 
NMAPIs Initialized.
Initializing Netmon Parsers...
sparser.npb:001.000 Successfully unserialized NPL parser 'C:\ProgramData\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Profiles\64BAA24A-0AAD-44e6-9846-3BE43D698FF6\sparser.npb.
Netmon Parsers initialized successfully.
Adding SSLVersionSelector Display Filter...
Display Filter added successfully
Adding Conversation.TCP.Id == 2 Conversation Filter...
Conversation Filter added successfully
Adding Conversation.TCP.Id == 2 Conversation Filter...
Conversation Filter added successfully
Warning: Netmon Parser Version: 3.4.2350.0 may have different filter set and might cause Expert to fail. Please use 3.4.2371.1 or greater.
Opening Encrypted Capture File: C:\aaaaa.cap
Creating Decrypted Capture File: C:\nnnn.cap
Using Init Filter String of Ethernet.Ipv4.Tcp.TCPPayload.TlsSslData.Tls.
Changing Conversation ID from 18446744073709551615 to 2
<long long frames log>
........
14: Processing Field: PayloadHeader.TDS.TLSSSLData.TLS.TlsRecLayer.TlsRecordLayer.ApplicationData
With Value: Binary Large Object (3328 Bytes)
14: Processing Field: PayloadHeader.TDS.TLSSSLData.TLS.TlsRecLayer.TlsRecordLayer.ApplicationData.SSLApplicationData
With Value: Binary Large Object (3328 Bytes)
-.-.-.-.-.-.- SSL Decryption Log Ends-.-.-.-.-.-.-
 
I can submit (privately) the .cap file with the corresponding .pfx with the private key, but it is a trivial test lab setup.
