On 10.07.2020 13:18, Hannu Hartikainen wrote:
> I logged some traffic between my own client and server last night with
> Wireshark. Obviously the data is encrypted, but I was surprised to not
> be able to decrypt the data even when I have the private key for the
> server (it would work for some TLS 1.2 setup, apparently). Fortunately I
> found the bug hindering my progress just by looking at the code. Eventually.
>
> Does anyone know how to log TLS session keys and later use them to
> decrypt the logged traffic? Does some client perhaps already support this?

The (asymmetric) keys in the certificates are only used to exchange a
(symmetric) session key, which would need to be logged in order to be
able to decrypt the traffic. You would typically log the session keys to
a file which then is read by Wireshark to decrypt the TLS traffic, see
[0] for an example using Firefox. To have an idea of how to do it in your
own application you might want to have a look at the answers at [1].

Cheers,
J.

[0] https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
[1] https://security.stackexchange.com/questions/80158/extract-pre-master-keys-from-an-openssl-application
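An added example, not code from the thread or from either poster: a Python client context that writes its session secrets in the NSS key-log format Wireshark reads, and a checker that tells you whether a logged file is complete enough to decrypt each session (TLS 1.2 needs one CLIENT_RANDOM line; TLS 1.3 needs four traffic secrets per session, which is why a server private key alone is no help there). The checker, its label table and the sample log are our own constructions; `ssl.SSLContext.keylog_filename` is the real standard-library attribute (Python 3.8+, OpenSSL 1.1.1+).

```python
# Added example, not from the thread: keylog-enabled client context plus a checker for Wireshark's NSS key-log format (Python 3.8+, OpenSSL 1.1.1+).
import re
import ssl
from collections import defaultdict

TLS12_LABEL = "CLIENT_RANDOM"  # secret is the 48-byte master secret
TLS13_REQUIRED = {             # Wireshark needs all four to decrypt TLS 1.3 application data
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OPTIONAL = {"CLIENT_EARLY_TRAFFIC_SECRET", "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-f]{64}) ([0-9a-f]+)$")  # label client_random secret

def client_context_with_keylog(path):
    """Client SSLContext whose handshakes append their secrets to `path`."""
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path  # same format as the SSLKEYLOGFILE browsers write
    return ctx

def check_keylog(text):
    """Return ({client_random_hex: {"version", "complete"}}, [malformed lines])."""
    sessions, bad = defaultdict(set), []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        label, crand, secret = m.groups() if m else (None, None, "")
        ok = m and ((label == TLS12_LABEL and len(secret) == 96) or
                    (label in TLS13_REQUIRED | TLS13_OPTIONAL and len(secret) in (64, 96)))
        if not ok:  # unparsable line, unknown label, or wrong secret length
            bad.append(line)
            continue
        sessions[crand].add(label)
    report = {}
    for crand, labels in sessions.items():
        v13 = TLS12_LABEL not in labels
        report[crand] = {"version": "1.3" if v13 else "1.2",
                         "complete": TLS13_REQUIRED <= labels if v13 else True}
    return report, bad

# Constructed sample: a TLS 1.2 session, a TLS 1.3 session missing its application-traffic secrets, one malformed line.
SAMPLE_LOG = "\n".join([
    "# constructed sample, not a real capture",
    f"CLIENT_RANDOM {'11' * 32} {'aa' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'bb' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'cc' * 32}",
    "CLIENT_RANDOM deadbeef cafe",
])
```

Point Wireshark at the same file (Preferences > Protocols > TLS > (Pre)-Master-Secret log filename) and it will decrypt every session the checker reports as complete.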