I am challenged with the analysis of an SSL VPN Gateway.
Users ultimately access an HTTPS server in the inside network. This session is encapsulated in another SSL layer on the outside.
As I have both SSL keys (VPN gateway and HTTPS server), traffic can be decrypted. (Thanks, Wireshark, I love this feature.)
Decrypted traffic on the outside of the gateway matches the encrypted traffic from the inside.
I want to compare HTTP response times from both sides of the gateway, thus deducting the latency.
Is there a way to peel off the inner layer of SSL? Or could I save decrypted contents as a decrypted pcap file?
Any help is appreciated.
asked 09 Dec '10, 00:57
It is not possible to strip a layer or save decrypted traffic as pcap. The only option would be to do decryption two times for the outside traffic. I'm not sure, though, if the current implementation would support that or get itself mixed up. What is the carried protocol within the SSL session to the SSL-VPN gateway?
If IP is carried, you could try the following key list when analyzing the outside traffic:
If not, could you give a schematic of the encapsulation that is done by the SSL-VPN?
answered 09 Dec '10, 15:39