 | 1 | initial version |
According to epan/dissectors/packet-ssl-utils.c:
/* The format of the file is a series of records with one of the following formats:
* - "RSA xxxx yyyy"
* Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded)
* Where yyyy is the cleartext pre-master secret (hex-encoded)
* (this is the original format introduced with bug 4349)
*
* - "RSA Session-ID:xxxx Master-Key:yyyy"
* Where xxxx is the SSL session ID (hex-encoded)
* Where yyyy is the cleartext master secret (hex-encoded)
* (added to support openssl s_client Master-Key output)
* This is somewhat is a misnomer because there's nothing RSA specific
* about this.
*
* - "PMS_CLIENT_RANDOM xxxx yyyy"
* Where xxxx is the client_random from the ClientHello (hex-encoded)
* Where yyyy is the cleartext pre-master secret (hex-encoded)
* (This format allows SSL connections to be decrypted, if a user can
* capture the PMS but could not recover the MS for a specific session
* with a SSL Server.)
*
* - "CLIENT_RANDOM xxxx yyyy"
* Where xxxx is the client_random from the ClientHello (hex-encoded)
* Where yyyy is the cleartext master secret (hex-encoded)
* (This format allows non-RSA SSL connections to be decrypted, i.e.
* ECDHE-RSA.)
*
* - "CLIENT_EARLY_TRAFFIC_SECRET xxxx yyyy"
* - "CLIENT_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy"
* - "SERVER_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy"
* - "CLIENT_TRAFFIC_SECRET_0 xxxx yyyy"
* - "SERVER_TRAFFIC_SECRET_0 xxxx yyyy"
* - "EARLY_EXPORTER_SECRET xxxx yyyy"
* - "EXPORTER_SECRET xxxx yyyy"
* Where xxxx is the client_random from the ClientHello (hex-encoded)
* Where yyyy is the secret (hex-encoded) derived from the early,
* handshake or master secrets. (This format is introduced with TLS 1.3
* and supported by BoringSSL, OpenSSL, etc. See bug 12779.)
*/
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.