How to decrypt TLS when using Java libraries
Hi,
We have captured packets for SNMP over TLS communication and need to decrypt the encrypted application data received. By following the resource https://www.comparitech.com/net-admin... we are able to decrypt HTTPS over TLS but not SNMP over TLS.
We used the SSLKEYLOGFILE method to decrypt.
Is SNMP over TLS decryption supported by Wireshark? If so, any help in this regard will be greatly appreciated.
Details:
Wireshark version: Version 3.6.1 (v3.6.1-0-ga0a473c7c1ba)
TLS version: TLSv1.2
SNMP request/response port is not default 161.
Thanks, Anjali
What are the SNMP endpoints (manager, agent)?
Tried on the manager endpoint. Agent-side packets can also be collected if that can be decrypted.
The TLS code in the manager or agent is going to need to give up the keys. Have you asked the vendor if there are steps to collect them?
Did you adjust the SNMP preference related to the SNMP TCP port?
Currently the TLS code in the manager is Java, using the snmp4j 3PP. The vendor of the snmp4j 3PP says the generic way of TLS decryption should work. No further help from the vendor. Regarding the agent, we don't have much control for now. I can check on that. But my understanding was that, using the middle-man approach, SSLKEYLOGFILE would capture the keys, and the same can be used to decrypt HTTPS over TLS successfully. But we are not able to achieve decryption using this key file for SNMP, as mentioned in the problem statement.
@Jaap Regarding the port change in the preference: the data on port (10161) is TCP data. If we change the SNMP port to 10161, that packet is treated as SNMP and fails, as it is actually SNMP with TLS on a TCP channel. So I ruled out the port change.
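Added example, not part of the thread and not code from Wireshark or snmp4j: a check of whether a key log file in the NSS format (the format the SSLKEYLOGFILE method produces) holds a TLS 1.2 `CLIENT_RANDOM` entry for the ClientHello Random of the SNMP-over-TLS session, which Wireshark needs before it can decrypt that stream. The function names are hypothetical and the randoms and secrets in the sample are constructed.

```python
import re

# TLS 1.2 entries in the NSS key log format:
#   CLIENT_RANDOM <32-byte client random, hex> <48-byte master secret, hex>
TLS12_LABEL = "CLIENT_RANDOM"
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return (entries, problems); entries maps client_random -> {label: secret}."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed in the format
        m = LINE_RE.match(line)
        if not m:
            problems.append((n, "not 'LABEL hex hex'"))
            continue
        label, rand, secret = m.group(1), m.group(2).lower(), m.group(3).lower()
        if label == TLS12_LABEL and (len(rand) != 64 or len(secret) != 96):
            problems.append((n, "CLIENT_RANDOM needs 32-byte random, 48-byte secret"))
            continue
        entries.setdefault(rand, {})[label] = secret
    return entries, problems

def can_decrypt_tls12(entries, client_random_hex):
    """True if the file holds a TLS 1.2 master secret for this ClientHello Random."""
    key = client_random_hex.replace(":", "").replace(" ", "").lower()
    return TLS12_LABEL in entries.get(key, {})

# Constructed sample: the file has keys for an HTTPS session only, plus one
# damaged line; the SNMP session's random never made it into the file.
HTTPS_RANDOM = "cd" * 32
SNMP_RANDOM = "ab" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_RANDOM {HTTPS_RANDOM} {'11' * 48}",
    f"CLIENT_RANDOM {'ef' * 32} {'22' * 40}",  # truncated master secret
])

if __name__ == "__main__":
    entries, problems = parse_keylog(SAMPLE)
    for name, rand in (("https", HTTPS_RANDOM), ("snmp-tls", SNMP_RANDOM)):
        print(name, "decryptable:", can_decrypt_tls12(entries, rand))
    for n, why in problems:
        print(f"line {n}: {why}")
```

The Random to pass in is the 32-byte value shown in the ClientHello of the SNMP session in the capture; colon-separated hex copied from the packet details is accepted.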