How to decrypt TLS 1.3 handshake when server is under control

Decrypt_SSL-TLS

asked 2019-04-06 00:16:56 +0000

Ralph
1 ●1 ●1 ●1

Dear,

I want to decrypt TLS 1.3 handshake messages captured by wireshark. The server (apache) is under my control, but not the client. Since I have no control over the client I can't use pre shared keys.

Question: Which information do I need to log on the server, in order to be able to decrypt the captured handshake messages?

Thanks in advance.

Regards, Ralph

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2019-04-08 12:04:18 +0000

Ralph
1 ●1 ●1 ●1

On a linux server one can use "openssl s_server" in order to obtain the keys. I used the command

# openssl s_server  -port 443 -cert <path to cert.pem> -key <path to privkey.pem> -CAfile <path to chain.pem>   -keylogfile <path to keylog file>

The values in < ...> have to be replaced by your settings. The schedule for decrypting TLS traffic is:

start the openssl s_server by the command above
start capturing with Wireshark
establish TLS connection to the openssl server (e.g. send https message)
stop capturing
in wireshark: "edit -> preferences -> protocols -> TLS -> (pre)-master-secret log filename" select the keylog file from 1.

Then the messages are decrypted by Wireshark.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-04-06 00:16:56 +0000

Seen: 1,306 times

Last updated: Apr 08 '19

How to decrypt TLS 1.3 handshake when server is under control edit

1 Answer