Revision history

initial version

In an RSA key exchange (indicated by your ciphersuite), the pre-master-secret (which is used to create the data-encryption keys) is encrypted with the public key from the server certificate and sent to the server in the ClientKeyExchange handshake message. The server can decrypt this with its private key (so, the server private key). For Wireshark to be able to do decryption, it needs the server private key to decrypt the ClientKeyExchange handshake message.

If you don't have access to the server private key, you could decrypt based on a logged SSL/TLS session key (basically, the pre-master secret is logged).

If you Google on Wireshark and SSLKEYLOGFILE you will get a few links on how to do that. Also, the following link seems to explain quite a few things:

https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
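
As an added example (not part of the original answer), the following Python sketch parses a key log file of the kind written via SSLKEYLOGFILE and reports whether it holds an entry that covers a given TLS 1.2 session. The function names and sample data are hypothetical; the field layout follows the NSS key log format, and the TLS 1.3 labels go beyond the RSA case the answer discusses.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
# label -> (lookup-field length, allowed secret lengths), in hex characters
TLS13 = ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET")
FORMATS = {"RSA": (16, (96,)),            # first 8 bytes of encrypted PMS -> 48-byte PMS
           "CLIENT_RANDOM": (64, (96,)),  # 32-byte client random -> 48-byte master secret
           **{label: (64, (64, 96)) for label in TLS13}}  # TLS 1.3: hash-sized secrets


def parse_keylog(text):
    """Return (entries, errors); entries maps (label, lookup_hex) -> secret_hex."""
    entries, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FORMATS:
            errors.append((lineno, "expected: KNOWN_LABEL <hex> <hex>"))
            continue
        label, lookup, secret = parts[0], parts[1].lower(), parts[2].lower()
        lookup_len, secret_lens = FORMATS[label]
        if not (HEX.fullmatch(lookup) and HEX.fullmatch(secret)
                and len(lookup) == lookup_len and len(secret) in secret_lens):
            errors.append((lineno, "bad hex or field length for " + label))
            continue
        entries[(label, lookup)] = secret
    return entries, errors


def covering_label(entries, client_random_hex, encrypted_pms_hex=None):
    """Name the key log label that covers a TLS 1.2 session, or None."""
    if ("CLIENT_RANDOM", client_random_hex.lower()) in entries:
        return "CLIENT_RANDOM"
    if encrypted_pms_hex and ("RSA", encrypted_pms_hex[:16].lower()) in entries:
        return "RSA"
    return None


# Constructed sample, not real key material.
SAMPLE = "\n".join(["# constructed key log",
                    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
                    "RSA " + "01" * 8 + " " + "ef" * 48,
                    "CLIENT_RANDOM deadbeef 00"])

if __name__ == "__main__":
    entries, errors = parse_keylog(SAMPLE)
    print(len(entries), "usable entries;", errors)
    print(covering_label(entries, "AB" * 32))
```

Anyone holding the key log file can decrypt the matching captured sessions, so it needs the same protection as the server private key.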