In TLS 1.2 and before, the PSK can be used with PSK cipher suites such as TLS_PSK_WITH_AES_128_CCM to decrypt sessions in Wireshark.

In TLS 1.3, whether decryption is possible depends on the psk_key_exchange_modes extension:

  • If it is psk_dhe_ke, then the PSK itself is no longer sufficient to decrypt the application traffic. In this case, an ephemeral Diffie-Hellman key exchange will be performed which requires additional secrets to allow Wireshark to decrypt the sessions.
  • If it is psk_ke, then the PSK should be sufficient to decrypt the session.

Your trace clearly advertises the former, psk_dhe_ke:

Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    ...
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)

So you have to resort to techniques to extract the session secret. Since OpenSSL appears to be in use, have a look at this post. It describes how to use an LD_PRELOAD libsslkeylog.so library to extract the required secrets. If you want to skip the technical details, you can also just check the walkthrough linked at the top of that post.

Note: in theory TLS 1.3 with psk_ke should allow decryption, but I have not verified that nor considered that in the implementation. It might not be supported yet. In that case, feel free to open a bug with a capture file and PSK and ping me (and/or submit a patch).
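
The check described in the answer above, as an added example that is not part of the original answer and not Wireshark code: it walks a raw ClientHello handshake message, reads the psk_key_exchange_modes extension (type 45) and reports whether the PSK alone could be enough. The function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

PSK_KEY_EXCHANGE_MODES = 45                  # extension type shown in the trace
MODE_NAMES = {0: "psk_ke", 1: "psk_dhe_ke"}  # RFC 8446, section 4.2.9

def psk_modes(client_hello):
    """Return the PSK key exchange modes offered in a ClientHello handshake message."""
    try:
        if client_hello[0] != 1:
            raise ValueError("not a ClientHello")
        body = client_hello[4:4 + int.from_bytes(client_hello[1:4], "big")]
        pos = 2 + 32                                          # legacy_version, random
        pos += 1 + body[pos]                                  # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # compression methods
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if ext_end > len(body):
            raise ValueError("truncated extensions")
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == PSK_KEY_EXCHANGE_MODES:
                if not data or len(data) != 1 + data[0]:
                    raise ValueError("malformed psk_key_exchange_modes")
                return [MODE_NAMES.get(m, "unknown(%d)" % m) for m in data[1:]]
        return []
    except IndexError:
        raise ValueError("truncated ClientHello") from None

def psk_alone_may_suffice(modes):
    """False when only psk_dhe_ke is offered: the (EC)DHE secret is needed as well.
    If psk_ke is offered too, the server chooses; a key_share in ServerHello means DHE."""
    return "psk_ke" in modes

def sample_client_hello(modes):
    """Constructed ClientHello: supported_versions plus psk_key_exchange_modes."""
    exts = struct.pack("!HHB", 43, 3, 2) + b"\x03\x04"
    exts += struct.pack("!HHB", PSK_KEY_EXCHANGE_MODES, 1 + len(modes), len(modes)) + modes
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    offered = psk_modes(sample_client_hello(b"\x01"))   # same mode as the trace
    print(offered, "PSK alone may suffice:", psk_alone_may_suffice(offered))
```
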