Cannot Decrypt SSL/TLS Packets Using Pre-Master Secret Log File
Hi,
I'm trying to decode SSL/TLS packets in WireShark.
I set the Windows environmental variable SSLKEYLOGFILE=C:\Users\Dave\ssl-keys.log Just in case, I rebooted.
I then visited several web sites including the one I'm trying to decrypt messages. I did see the log file was written and the contents appear to be normal.
I then started a capture and used a curl command. I find the encrypted packets and my Pre-Master Secret log filename is correct, as shown in the banner above the packets.
Yet, I'm still not able to see decrypted messages.
What am I doing wrong?
Thanks,
Dave
Where does your version of "curl" come from? Look at the Properties -> Details of the file to find out.
I ask, because there's a possibility it's a binary that's linked to SChannel which does not observe the SSLKEYLOGFILE env var.
Hi grahamb,
Thanks for the reply. Here's the curl version information. I honestly don't remember where I got curl.
Thanks again,
Dave
Same as mine, and as you can see in the version info it's using
Schannel, so won't emit pre-master secrets.Not sure where I got mine, I think it's part of the "standard" Windows install these days. Ahh, see here for more info about the MS build.
Have you tried a bigger hammer?
https://learn.microsoft.com/en-us/win...
Kind of overkill to load WSL and a linux image just for curl but it does work.
(currently using ancient ubuntu 18.04)
Yeah, actually went that route. Installed WSL but got UBUNTU errors. Investigated those, requiring updates to the BIOS. Searched into that, but couldn't find what was needed by UBUNTU, so I gave up and backed that all out.