Packet Capture Decryption

NOYB · Mar 27, 2013, 12:40 AM

Capturing encrypted SMTP traffic on the WAN interface and providing the private key in Wireshark it is decrypted just fine for a Windows Live email client session. But cannot decrypt the capture of a pfSense Notify session.

What is different about the pfSense SMTP client? It’s as though it is not using the SMTP servers certificate.

jimp · Mar 27, 2013, 5:46 PM

Did the start of the client/server exchange in both cases look the same? (e.g. STARTTLS or straight SSL/TLS) You should be able to see the certificate negotiation and such at least.

NOYB · Mar 27, 2013, 9:54 PM

The same up through 6th packet (TLSv1 Server Hello). After that they diverge a bit but both are successful at sending the message. But Wireshark cannot decrypt the pfSense notify sent message even though both cases should be using the same cert and private key.

The Wireshark SSL Debug log has this line about DH key exchange being impossible to decrypt.
Session from other SMTP client does not have that. Guessing this is the issue. But don't know how to change it so that it can be decrypted.


dissect_ssl enter frame #13 (first time)
  conversation = 058D184C, ssl_session = 058D1CD0
  record: offset = 0, reported_length_remaining = 198
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 134, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139 
ssl_decrypt_pre_master_secret session uses DH (17) key exchange, which is impossible to decrypt
dissect_ssl3_handshake can't decrypt pre master secret
  record: offset = 139, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 145, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 48, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 166 offset 150 length 16733742 bytes, remaining 198

jimp · Mar 28, 2013, 1:10 PM

Not sure I'd want to cripple it to make it less secure… :-)

http://ask.wireshark.org/questions/17630/cant-decrypt-tlsv1-traffic

NOYB · Mar 28, 2013, 4:43 PM

Not permanently no. But temporarily for investigation yes.

Where I'm head is trying to determine what is going on with port 587 with SSL/TLS enabled that prevents it from working.

Now I'm guessing the reason has to do with the SMTP server config maybe not compatible with DH.
Port 445 (smtps) uses tls wrappermode and port 587 (submission) uses tls security level encrypt.

Where would this be changed in pfSense? Thinking it may be easier to verify by temporarily changing pfSense test bed before going and messing around with the mail server config.

Mail server config snipit.


submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

jimp · Mar 28, 2013, 4:51 PM

Looks like in /etc/inc/smtp.inc we compose the fsockopen url with ssl:// if SSL is enabled, apparently there is also a tls:// prefix.

Perhaps there needs to be an extra option to control the switch somewhere. Instead of an SSL checkbox, a drop-down: No Encryption / SSL / TLS

jimp · Mar 28, 2013, 4:53 PM

Or maybe it might need a nudge another way… http://php.net/stream_socket_enable_crypto

NOYB · Mar 28, 2013, 9:15 PM

Hard coding TLS in /etc/smtp.inc does not seem to change the behavior for ether being able to decrypt or port 587 working.

jimp · Mar 29, 2013, 1:06 PM

There are also other choices there (sslv2, sslv3) do those make any difference?

NOYB · Mar 29, 2013, 6:36 PM

Tried those. Don't recall the exact result but it did not work.

From some network captures it looks like pfSense always insists on "wrapper mode". After the TCP connection is made pfSense immediately sends client hello and then ignores the initial STMP 220 response.