Wireshark mailing list archives
Re: two way SSL decryption
From: "T.A. Peelen" <tom.peelen () open-consult nl>
Date: Sun, 17 Jan 2010 21:59:57 +0100
Super! Thank you very much. An excellent presentation; it helped me a lot in discovering what to do.

Finally I found I was using the wrong private key to decode the stream. Once configured correctly it worked directly.

I think it would be helpful to have your presentation at the Wireshark wiki. It explains much more on configuring SSL decryption.

Thanks again,
Tom.

On 17 jan 2010 18:04 "Sake Blok" <sake () euronet nl> wrote:
> On Sun, Jan 17, 2010 at 03:48:42PM +0100, T.A. Peelen wrote:
> > I'm confronted with a situation in which both sides of the connection have a certificate to realise a SSL tunnel based on a private key at both ends. However, we encounter a problem in which we are not sure which side of the tunnel causes a problem. To be able to determine this I need to decrypt the tunnel. I have private keys of both ends available (it is a test-situation).
>
> Do you mean the SSL connection uses client authentication? I.e. the server asks the client to authenticate itself with a certificate too? If so, the private key of the client is not used to encrypt the pre-master secret that it sends towards the server (it is this PMS that Wireshark decrypts with the server private key to be able to decrypt the session). So if you configure Wireshark with the private key of the server, you should be fine.
>
> If both sides are able to set up the tunnel, you can supply Wireshark with both keys so each direction can be decrypted. You would have to use something like this:
>
> ,,,;,,,
>
> Beware of DH ciphers: when a DH cipher is chosen, decryption won't work as the PMS will be exchanged differently.
>
> Hope this helps,
> Cheers,
> Sake
>
> PS Have a look at the slides of the presentation I gave at Sharkfest last year, they might help you in troubleshooting SSL traffic:
> <https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps>
> or watch the video of my session at:
> <http://www.lovemytool.com/blog/2009/06/sake_blok_11.html>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives: <http://www.wireshark.org/lists/wireshark-users>
> Unsubscribe: <https://wireshark.org/mailman/options/wireshark-users>
> mailto:wireshark-users-request () wireshark org?subject=unsubscribe