 | 1 | initial version |
Did you:
If you select the packet with the encrypted Application Data, and then apply the filter tcp.stream==${tcp.stream}, do you see the full TLS handshake? Does the handshake show a "Finished" from both sides or does it show "encrypted handshake" message from both sides?
If you want to check if the functionality actually works, you can download a trace of mine from https://www.cloudshark.org/captures/1cd191698a5c and you will find the TLS session key in the capture file comments (see: capture file properties).
