As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite:

ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x17

These suites cannot be decrypted using a private RSA key file. You can try the sslkeylog library from https://git.lekensteyn.nl/peter/wireshark-notes/tree/src:

git clone https://git.lekensteyn.nl/peter/wireshark-notes.git
cd wireshark-notes/src
make
./sslkeylog.sh php -r 'echo file_get_contents("https://example.com/x");'

This will print the TLS key log file line to standard error by default, as you can see:

CLIENT_RANDOM 96e6af926f2ee9698ec229c92cadec92db676e21c92f0236168dba78ce82c93b 92a7bb79232db67a252b62548fbcf9bf11e9ba941be57bc69028ecece406b260386203f22b3af25ed3cf2b0fe928af2a
PHP Warning:  file_get_contents(https://example.com/x): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found
 in Command line code on line 1

To write it to a file, do something like this first:

export SSLKEYLOGFILE=$PWD/keys.txt

The resulting file can be configured in Wireshark at Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename.

See also https://wiki.wireshark.org/TLS#TLS_Decryption
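
A key log file only helps if it holds a well-formed line for the session in the capture. The following is an added example (not part of the original answer or of the sslkeylog project) that checks key log text in Python; it goes beyond the CLIENT_RANDOM line shown above by also accepting the TLS 1.3 labels of the NSS key log format. The function names `parse_keylog` and `has_secret` are hypothetical, and the sample input is the stderr output quoted above.

```python
import re

# Constructed sample: the stderr output shown in the answer, as it would look
# if stderr were redirected straight into a file (key line plus PHP warning).
SAMPLE = """\
CLIENT_RANDOM 96e6af926f2ee9698ec229c92cadec92db676e21c92f0236168dba78ce82c93b 92a7bb79232db67a252b62548fbcf9bf11e9ba941be57bc69028ecece406b260386203f22b3af25ed3cf2b0fe928af2a
PHP Warning:  file_get_contents(https://example.com/x): failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found
 in Command line code on line 1
"""

# TLS 1.3 labels of the NSS key log format (the answer only shows CLIENT_RANDOM).
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (entries, problems): entries maps client random -> {label: secret}."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank lines and comments are allowed
        if len(parts) != 3:
            problems.append((lineno, "not LABEL <client_random> <secret>"))
            continue
        label, rnd, secret = parts
        if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
            problems.append((lineno, "label not handled by this example"))
        elif not (HEX.fullmatch(rnd) and len(rnd) == 64):
            problems.append((lineno, "client random is not 32 hex-encoded bytes"))
        elif not HEX.fullmatch(secret):
            problems.append((lineno, "secret is not hex"))
        elif label == "CLIENT_RANDOM" and len(secret) != 96:
            problems.append((lineno, "TLS 1.2 master secret is not 48 bytes"))
        elif label != "CLIENT_RANDOM" and len(secret) not in (64, 96):
            problems.append((lineno, "TLS 1.3 secret is not 32 or 48 bytes"))
        else:
            entries.setdefault(rnd.lower(), {})[label] = secret.lower()
    return entries, problems

def has_secret(entries, client_random_hex):
    """True if the log holds a secret for the ClientHello random of a captured session."""
    return client_random_hex.replace(":", "").lower() in entries

if __name__ == "__main__":
    entries, problems = parse_keylog(SAMPLE)
    print(len(entries), "usable session(s); rejected lines:", problems)
```

The key log file contains the session secrets themselves, so it deserves the same handling as a private key: restrictive file permissions and removal once the analysis is done.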
