Ask Your Question

Decrypt TLS 1.3 with Wireshark

asked 2019-06-12 08:16:53 +0000

Hey all!

For a university project, my colleagues and me decrypted a TLS 1.2 Session with the help of the following guide: Unfortunately, it did not work out on Websites (like facebook) that used TLS 1.3 for encryption. Does anyone know, how to accomplish that?

Thanks a lot!

edit retag flag offensive close merge delete



What version of Wireshark are you using? If you're not using the latest version, I'd highly recommend that you upgrade.

cmaynard gravatar imagecmaynard ( 2019-06-12 13:42:04 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-06-12 16:52:00 +0000

grahamb gravatar image

updated 2019-06-12 22:00:35 +0000

Decryption of TLS 1.3 was demonstrated at SharkFest'19 US by @Lekensteyn and his presentation should be up on the SharkFest retrospective page after the conference, and is also available from previous SharkFest presentations.

You will need to user the pre-master secret method as TLS 1.3 doesn't support the RSA key exchange methods that were used in previous versions of TLS.

Do you have the pre-master log file? Have you configured the TLS dissector preferences to use that log file?

edit flag offensive delete link more


The slides are now up here: You need at least Wireshark 2.6 for TLS 1.3 decryption support.

Lekensteyn gravatar imageLekensteyn ( 2019-06-12 20:56:34 +0000 )edit

Thank you very much for your immediate help. Unfortunately, we could not apply the additional settings that were needed, since the due date was too close and we had infrastructural issues at the university. We will include your comment and link your slides in our seminar paper though to provide help for further projects.

schwinge17 gravatar imageschwinge17 ( 2019-06-14 16:50:05 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-06-12 08:16:53 +0000

Seen: 66 times

Last updated: Jun 12