Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

In a RSA key exchange (indicated by your ciphersuite), the pre-master-secret (which is used to create the data-encryption keys) is encrypted with the public key from the server certificate and sent to the server in the ClientKeyExchange handshake messgae. The server can decrypt this with it's private key (so, the server private key). For Wireshark to be able to do decryption, it needs the server private key to decrypt the ClientKeyExchange handshake message.

If you don't have access to the server private key, you could decrypt based on a logged SSL/TLS session key (basically, the pre-master secret is logged).

If you Google on Wireshark and SSLKEYLOGFILE you will get a few links on how to do that. Also, it seems the following link seems to explain quite a few things: