How to set up Wireshark to decrypt TLS SIP

asked 2019-04-10 15:26:17 +0000

pdennett

updated 2019-04-10 21:34:19 +0000

grahamb

First time setting up Wireshark to decrypt TLS SIP messages.


Comments

You may or may not be able to decrypt TLS depending on what you have access to. What devices/interfaces are under your control and can you take packet captures on?

Ross Jacobs ( 2019-04-10 16:23:37 +0000 )

Have access to all devices/instruments along with their certs. In this particular case the call flow is from PC soft client-->call manager-->IP phone. However, for security reasons I will not be able to upload a Wireshark capture.

pdennett ( 2019-04-10 16:42:18 +0000 )

There is a Wiki page on SSL here; depending on the key exchange algorithm chosen, just having the certificate private keys may not be enough.

grahamb ( 2019-04-10 17:31:01 +0000 )

It also depends on whether this is TLS 1.2 or 1.3. You should be able to decrypt TLS 1.2 if you have access to the client or server (different methods for each). On TLS 1.3, it's possible to run into a confirmed bug.

Ross Jacobs ( 2019-04-10 20:52:12 +0000 )

I suspect that an IP Phone won't be running TLS 1.3 yet.

grahamb ( 2019-04-10 21:33:31 +0000 )
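
The point raised in the comments above, that whether the certificate private key is enough depends on the key exchange algorithm and the TLS version, as an added example (not part of the thread and not Wireshark's own code). The function names are hypothetical and the sample values are constructed; the key log layout is the NSS `SSLKEYLOGFILE` format that Wireshark reads.

```python
import re

# Labels from the NSS key log (SSLKEYLOGFILE) format.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
# <LABEL> <32-byte client random in hex> <secret in hex>
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def needed_material(version, suite):
    """Return 'server_rsa_key' or 'key_log' for a negotiated version and suite."""
    if version == "1.3":
        return "key_log"          # TLS 1.3 always uses ephemeral (EC)DHE
    if suite.startswith("TLS_RSA_WITH_"):
        return "server_rsa_key"   # static RSA key exchange
    return "key_log"              # DHE/ECDHE and others: private key is not enough

def parse_keylog(text):
    """Map client random (lowercase hex) to the set of labels logged for it."""
    secrets = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # comments, blank lines and malformed lines are skipped
            secrets.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return secrets

def can_decrypt(version, suite, client_random, keylog_text="", have_rsa_key=False):
    """True if the available material covers this session.
    The RSA-key path also needs the full handshake in the capture."""
    labels = parse_keylog(keylog_text).get(client_random.lower(), set())
    if version == "1.3":
        return TLS13_LABELS <= labels
    if TLS12_LABEL in labels:
        return True  # a logged master secret works for any TLS 1.2 key exchange
    return have_rsa_key and needed_material(version, suite) == "server_rsa_key"

if __name__ == "__main__":
    # Constructed sample: one session logged by the soft client, one not logged.
    logged, unlogged = "aa" * 32, "cc" * 32
    keylog = "# constructed sample\nCLIENT_RANDOM " + logged + " " + "bb" * 48 + "\n"
    ecdhe = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    print(can_decrypt("1.2", ecdhe, logged, keylog))                     # key log covers it
    print(can_decrypt("1.2", ecdhe, unlogged, keylog, have_rsa_key=True))  # private key alone
```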