TLS decryption with NSS key log but without handshake frames

asked 2025-02-13 14:01:25 +0000

Hi,

I'm in the use case where a client and a server established a TLS 1.2 tunnel using ECDHE. I'm able to extract from the client (or server) the premaster secret and the client random to give to Wireshark following the TLS 1.2 NSS key log format. When I read my .pcap (containing the handshake frames), Wireshark is able to decrypt the data.

In my use case, I start to record the network only when something wrong happens. => So I only have, in my record, encrypted data (handshake frames are not available). I'm able to have the NSS key log. => Wireshark is not able to decrypt the data, and this is normal since the TLS master key is computed with KDF[premaster secret, client random, server random] and only "client random" and "premaster secret" are available in my NSS key log file.

==> Is it possible with Wireshark to decrypt such TLS 1.2 records (without having access to the handshake frames)? -> For example, by also giving Wireshark the "server random"? (But server random is not mentioned in the standardized NSS key log format.)

==> I know TLS 1.3 is quite different in the way of computing TLS keys. Do you know if, using TLS 1.3 and the "TLS 1.3 NSS key log", I will have the same issue?

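Since the question turns on which handshake values feed the TLS 1.2 key schedule, here is an added example (not part of the question above, and not Wireshark's own code) that implements the RFC 5246 PRF, master-secret derivation and key expansion in pure Python. The premaster and random values are constructed placeholders, not taken from a real capture.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion (RFC 5246, section 5): A(0)=seed, A(i)=HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 cipher suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246, section 8.1: the 48-byte master secret mixes in BOTH randoms."""
    return prf(premaster, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """RFC 5246, section 6.3: key expansion uses the randoms again, server random first."""
    return prf(master, b"key expansion", server_random + client_random, length)

def nss_client_random_line(client_random: bytes, master: bytes) -> str:
    """Key-log line Wireshark reads for TLS 1.2; the second field is the master secret."""
    return f"CLIENT_RANDOM {client_random.hex()} {master.hex()}"

# Constructed values, not from a real capture. For an ECDHE P-256 handshake the
# premaster secret is the 32-byte x-coordinate of the shared point (RFC 4492).
PREMASTER = bytes.fromhex("11" * 32)
CLIENT_RANDOM = bytes.fromhex("aa" * 32)
SERVER_RANDOM = bytes.fromhex("bb" * 32)
OTHER_SERVER_RANDOM = bytes.fromhex("cc" * 32)

def server_random_matters() -> bool:
    """True if a different server random changes both the master secret and the keys."""
    ms = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    ms2 = master_secret(PREMASTER, CLIENT_RANDOM, OTHER_SERVER_RANDOM)
    # 40 bytes = 2 x 16-byte AES-128 keys + 2 x 4-byte GCM implicit nonces
    kb = key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 40)
    kb2 = key_block(ms, CLIENT_RANDOM, OTHER_SERVER_RANDOM, 40)
    return ms != ms2 and kb != kb2

if __name__ == "__main__":
    ms = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print(nss_client_random_line(CLIENT_RANDOM, ms))
    print("server random changes the keys:", server_random_matters())
```

Even when the key-log line already carries the master secret (so the premaster step is skipped), the record keys still come from key expansion over server random + client random, which is why the ServerHello from the handshake is needed.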