In TLS 1.2 and before, the PSK can be used with PSK cipher suites such as TLS_PSK_WITH_AES_128_CCM to decrypt sessions in Wireshark.
In TLS 1.3, whether decryption is possible depends on the psk_key_exchange_modes extension:

- If it is psk_dhe_ke, then the PSK itself is no longer sufficient to decrypt the application traffic. In this case, an ephemeral Diffie-Hellman key exchange will be performed which requires additional secrets to allow Wireshark to decrypt the sessions.
- If it is psk_ke, then the PSK should be sufficient to decrypt the session.

Your trace clearly advertises the former, psk_dhe_ke:
    Transport Layer Security
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            ...
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)

So you have to resort to techniques to extract the session secret. Since OpenSSL appears to be in use, have a look at this post. It describes how to use an LD_PRELOAD libsslkeylog.so library to extract the required secrets. If you want to skip the technical details, you can also just check the walkthrough linked on top of that post.
Note: in theory TLS 1.3 with psk_ke should allow decryption, but I have not verified that nor considered that in the implementation. It might not be supported yet. In that case, feel free to open a bug with a capture file and PSK and ping me (and/or submit a patch).
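
The check described in the answer above, as an added example that is not part of the original answer or of Wireshark's code: it parses a raw ClientHello handshake message, reads the psk_key_exchange_modes extension, and reports whether the PSK alone can be enough. The function names and the sample ClientHello are constructed for illustration; the mode values 0 and 1 are taken from RFC 8446.

```python
import struct

PSK_KEY_EXCHANGE_MODES = 45                    # extension type shown in the trace
MODE_NAMES = {0: "psk_ke", 1: "psk_dhe_ke"}    # values from RFC 8446, section 4.2.9


def psk_modes(handshake: bytes) -> list:
    """Return the PSK key exchange modes offered in a ClientHello handshake message."""
    if len(handshake) < 4 or handshake[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    end = 4 + int.from_bytes(handshake[1:4], "big")
    if end > len(handshake):
        raise ValueError("truncated ClientHello")
    pos = 4 + 2 + 32                           # header, legacy_version, random
    for width in (1, 2, 1):                    # session_id, cipher_suites, compression
        pos += width + int.from_bytes(handshake[pos:pos + width], "big")
    ext_end = pos + 2 + int.from_bytes(handshake[pos:pos + 2], "big")
    if ext_end > end:
        raise ValueError("extensions overrun the message")
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", handshake, pos)
        data = handshake[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == PSK_KEY_EXCHANGE_MODES and data:
            return [MODE_NAMES.get(m, f"unknown({m})") for m in data[1:1 + data[0]]]
    return []


def psk_verdict(modes: list) -> str:
    """Map the offered modes to what Wireshark needs besides the PSK."""
    if "psk_dhe_ke" in modes and "psk_ke" not in modes:
        return "need-session-secrets"          # (EC)DHE is mixed in, PSK alone is not enough
    if modes == ["psk_ke"]:
        return "psk-should-suffice"            # per the answer above; unverified in Wireshark
    if "psk_ke" in modes:
        return "depends-on-server-choice"      # both offered: the server picks the mode
    return "no-psk-modes"


def sample_client_hello(modes: bytes) -> bytes:
    """Constructed minimal ClientHello carrying only psk_key_exchange_modes."""
    ext = struct.pack("!HHB", PSK_KEY_EXCHANGE_MODES, 1 + len(modes), len(modes)) + modes
    body = (b"\x03\x03" + bytes(32) + b"\x00"  # legacy_version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"  # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Calling `psk_verdict(psk_modes(sample_client_hello(b"\x01")))` reproduces the situation in the trace and returns `need-session-secrets`.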