Hello I'm debugging my SSL application and would be great if I could capture SSL stream using Wireshark and then follow it decrypted. It is not possible to obtain server's private key in my case
But as a client application I can read the whole stream fine and can dump all needed information for decryption, like Session-ID and Master-key, ex:
Is it possible somehow to follow decrypted stream in Wireshark without server's private key but having client's Master-Key and Session-ID?
asked 25 May '11, 03:22
OK, forget my last answer... as of today, it is possible to use the "openssl s_client" output to do decryption. I added this to the keylog option that was already there. You can now use the format:
In the key log file to decrypt the session. In your case that would be:
You will need to build your own version from "trunk" or use an automated build which will be available in a couple of hours. Please use a version with a number higher or equal to 37401.
I hope this works for you :-)
answered 25 May '11, 14:58
At the moment "No, not directly". There has been code added that reads in a file with a list of decrypted PreMasterSecrets, indexed by the first 8 bytes (IIRC) of the Encrypted PreMasterSecret. It has been added by a developer that also added a debug option to the SSL library of Firefox/Chrome to export this data (see Bug 4349)
So at the moment, you might be able to fabricate the file yourself based on the tracefile and the "openssl s_client" output. In the future there might be more options added to import/export session keys to make decryption possible without obtaining (or exposing) the private key.
answered 25 May '11, 07:15