Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2019-04-08 12:04:18 +0000

Ralph gravatar image

On a linux server one can use "openssl s_server" in order to obtain the keys. I used the command 

# openssl s_server  -port 443 -cert <path to cert.pem> -key <path to privkey.pem> -CAfile <path to chain.pem>   -keylogfile <path to keylog file>

The values in < ...> have to be replaced by your settings. The schedule for decrypting TLS traffic is:

  1. start the openssl s_server by the command above
  2. start capturing with Wireshark
  3. establish TLS connection to the openssl server (e.g. send https message)
  4. stop capturing
  5. in wireshark: "edit -> preferences -> protocols -> TLS -> (pre)-master-secret log filename" select the keylog file from 1.

Then the messages are decrypted by Wireshark.