💾 Archived View for rawtext.club › ~sloum › geminilist › 002174.gmi captured on 2020-09-24 at 01:23:03. Gemini links have been rewritten to link to archived content


Debugging TLS connections with Wireshark?

Johannes von Rotz jr at vrtz.ch

Fri Jul 10 14:22:45 BST 2020

- - - - - - - - - - - - - - - - - - - 

On 10.07.2020 13:18, Hannu Hartikainen wrote:

I logged some traffic between my own client and server last night with
Wireshark. Obviously the data is encrypted, but I was surprised to not
be able to decrypt the data even when I have the private key for the
server (it would work for some TLS 1.2 setup, apparently). Fortunately I
found the bug hindering my progress just by looking at the code. Eventually.
Does anyone know how to log TLS session keys and later use them to
decrypt the logged traffic? Does some client perhaps already support this?

The (asymmetric) keys in the certificates are only used to exchange a (symmetric) session key, which would need to be logged in order to be able to decrypt the traffic.

You would typically log the session keys to a file which then is read by Wireshark to decrypt the TLS traffic, see [0] for an example using Firefox.

To have an idea of how to do it in your own application you might want to have a look at the answers at [1].

Cheers, J.

[0] https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
[1] https://security.stackexchange.com/questions/80158/extract-pre-master-keys-from-an-openssl-application
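
The key log approach described in the message above, as an added example that is not part of the original post or of any client discussed on the list. It assumes a client written in Python 3.8+ (linked against OpenSSL 1.1.1 or later); `debug_client_context` and `decryptable_sessions` are hypothetical helper names, and the sample log is constructed. The second helper checks whether a key log holds every secret Wireshark needs for a given session, which is the first thing to verify when a capture stays undecrypted.

```python
import os
import ssl

# Secrets Wireshark needs per connection, keyed by the ClientHello random.
TLS12 = {"CLIENT_RANDOM"}  # one line carrying the 48-byte master secret
TLS13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}

def debug_client_context(keylog_path=None):
    """Client context that appends session secrets to a key log file (debug use)."""
    ctx = ssl.create_default_context()
    path = keylog_path or os.environ.get("SSLKEYLOGFILE")
    if path:
        # The file decrypts every logged session: create it owner-only first.
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600))
        ctx.keylog_filename = path  # Python 3.8+ with OpenSSL 1.1.1+
    return ctx

def decryptable_sessions(keylog_text):
    """Map each client random to 'TLS 1.3', 'TLS 1.2' or 'incomplete'."""
    seen = {}
    for line in keylog_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 3:
            continue  # comment, blank or malformed line
        label, client_random, secret = parts
        try:
            if len(bytes.fromhex(client_random)) != 32 or not bytes.fromhex(secret):
                continue  # client random is always 32 bytes
        except ValueError:
            continue  # corrupt hex
        seen.setdefault(client_random.lower(), set()).add(label)
    return {rand: "TLS 1.3" if TLS13 <= labels else
                  "TLS 1.2" if TLS12 <= labels else "incomplete"
            for rand, labels in seen.items()}

# Constructed sample log (made-up values, not real secrets).
A, B, C = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join(
    ["# TLS secrets log file"]
    + [f"{label} {A} {'11' * 32}" for label in sorted(TLS13)]
    + [f"EXPORTER_SECRET {A} {'12' * 32}",
       f"CLIENT_RANDOM {B} {'22' * 48}",
       f"SERVER_HANDSHAKE_TRAFFIC_SECRET {C} {'33' * 32}"])

if __name__ == "__main__":
    print(decryptable_sessions(SAMPLE))
```

Point Wireshark's TLS "(Pre)-Master-Secret log filename" preference at the same file, and delete the file once the debugging session is over.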