Firstly, the SSL dissector has been renamed to TLS, so everything else, e.g. preferences, has been adjusted accordingly.

Secondly, the configuration is slightly simpler now: if using a private RSA server key, only the RSA Keys entry is listed. The key file should be in PEM format, i.e. it should be text and have "-----BEGIN RSA PRIVATE KEY-----", or a PKCS#12 store, i.e. a pfx file.

Thirdly, a private RSA key can only be used to decrypt the traffic if the following are true:

  • The cipher suite selected by the server is not using (EC)DHE.
  • The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
  • The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA) certificate.
  • The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.

See the wiki TLS page for more info.
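
The conditions listed above can be checked against a captured handshake before spending time on key configuration. The following is an added example, not part of the original answer and not Wireshark code: it parses a ServerHello handshake body and reports which conditions block RSA-key decryption. The function names, the subset of static-RSA cipher suites and the sample bytes are assumptions made for the example, and it does not check that the key matches the server certificate.

```python
import struct

# Subset of IANA cipher suites that use static RSA key exchange (assumed list for this example).
RSA_KX_SUITES = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
# Versions the answer lists as decryptable: SSLv3, (D)TLS 1.0-1.2.
OK_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303, 0xFEFF, 0xFEFD}
CLIENT_KEY_EXCHANGE = 16  # handshake message type

def parse_server_hello(body):
    """Return (negotiated_version, cipher_suite) from a ServerHello handshake body."""
    version = struct.unpack_from("!H", body, 0)[0]
    sid_len = body[34]                       # follows 2-byte version + 32-byte random
    off = 35 + sid_len
    suite = struct.unpack_from("!H", body, off)[0]
    off += 3                                 # skip cipher suite + compression method
    if off + 2 <= len(body):                 # extensions block present
        end = off + 2 + struct.unpack_from("!H", body, off)[0]
        off += 2
        while off + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, off)
            if ext_type == 43 and ext_len == 2:   # supported_versions carries the real version
                version = struct.unpack_from("!H", body, off + 4)[0]
            off += 4 + ext_len
    return version, suite

def rsa_key_blockers(server_hello_body, handshake_types_seen):
    """List reasons an RSA private key cannot decrypt this session (empty list = none found)."""
    version, suite = parse_server_hello(server_hello_body)
    reasons = []
    if version not in OK_VERSIONS:
        reasons.append("protocol version 0x%04x is not SSLv3 or (D)TLS 1.0-1.2" % version)
    if suite not in RSA_KX_SUITES:
        reasons.append("cipher suite 0x%04x is not static RSA key exchange" % suite)
    if CLIENT_KEY_EXCHANGE not in handshake_types_seen:
        reasons.append("no ClientKeyExchange in handshake (resumed session)")
    return reasons

# Constructed ServerHello bodies (not from a real capture): version, random, empty session ID,
# cipher suite, null compression, optional extensions.
_RANDOM = bytes(32)
HELLO_RSA = b"\x03\x03" + _RANDOM + b"\x00" + b"\x00\x2f" + b"\x00"
HELLO_ECDHE = b"\x03\x03" + _RANDOM + b"\x00" + b"\xc0\x2f" + b"\x00"
HELLO_TLS13 = HELLO_RSA[:35] + b"\x13\x01\x00" + b"\x00\x06" + b"\x00\x2b\x00\x02\x03\x04"

if __name__ == "__main__":
    for name, hello in (("RSA", HELLO_RSA), ("ECDHE", HELLO_ECDHE), ("TLS 1.3", HELLO_TLS13)):
        print(name, rsa_key_blockers(hello, [1, 2, 11, 14, 16, 20]) or "no blockers found")
```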