I have a tcpdump capture (pcap file) from a Linux server which is listening to requests on a port from a NetScaler load balancer. I have the NetScaler/Linux RSA keys. I configured Wireshark to decrypt SSL traffic:
0.0.0.0 <port number> http netscaler-rsa-decrypted-key-file
But it doesn't decrypt the traffic for me to analyze.
The supported ciphers on the URL are:
ssl2: EXP-RC2-CBC-MD5 ssl2: RC4-MD5 ssl2: EXP-RC4-MD5 ssl2: DES-CBC3-MD5 ssl2: DES-CBC-MD5 ssl2: EXP-RC2-CBC-MD5 ssl2: RC2-CBC-MD5 ssl2: EXP-RC4-MD5 ssl2: RC4-MD5

ssl3: ADH-SEED-SHA ssl3: DHE-RSA-SEED-SHA ssl3: DHE-DSS-SEED-SHA ssl3: SEED-SHA ssl3: ADH-AES256-SHA ssl3: DHE-RSA-AES256-SHA ssl3: DHE-DSS-AES256-SHA ssl3: AES256-SHA ssl3: ADH-AES128-SHA ssl3: DHE-RSA-AES128-SHA ssl3: DHE-DSS-AES128-SHA ssl3: AES128-SHA ssl3: ADH-DES-CBC3-SHA ssl3: ADH-DES-CBC-SHA ssl3: EXP-ADH-DES-CBC-SHA ssl3: ADH-RC4-MD5 ssl3: EXP-ADH-RC4-MD5 ssl3: EDH-RSA-DES-CBC3-SHA ssl3: EDH-RSA-DES-CBC-SHA ssl3: EXP-EDH-RSA-DES-CBC-SHA ssl3: EDH-DSS-DES-CBC3-SHA ssl3: EDH-DSS-DES-CBC-SHA ssl3: EXP-EDH-DSS-DES-CBC-SHA ssl3: DES-CBC3-SHA ssl3: DES-CBC-SHA ssl3: EXP-DES-CBC-SHA ssl3: EXP-RC2-CBC-MD5 ssl3: RC4-SHA ssl3: RC4-MD5 ssl3: EXP-RC4-MD5 ssl3: EXP-RC2-CBC-MD5 ssl3: EXP-RC4-MD5 ssl3: RC4-MD5 ssl3: NULL-SHA ssl3: NULL-MD5

tls1: ADH-SEED-SHA tls1: DHE-RSA-SEED-SHA tls1: DHE-DSS-SEED-SHA tls1: SEED-SHA tls1: ADH-AES256-SHA tls1: DHE-RSA-AES256-SHA tls1: DHE-DSS-AES256-SHA tls1: AES256-SHA tls1: ADH-AES128-SHA tls1: DHE-RSA-AES128-SHA tls1: DHE-DSS-AES128-SHA tls1: AES128-SHA tls1: ADH-DES-CBC3-SHA tls1: ADH-DES-CBC-SHA tls1: EXP-ADH-DES-CBC-SHA tls1: ADH-RC4-MD5 tls1: EXP-ADH-RC4-MD5 tls1: EDH-RSA-DES-CBC3-SHA tls1: EDH-RSA-DES-CBC-SHA tls1: EXP-EDH-RSA-DES-CBC-SHA tls1: EDH-DSS-DES-CBC3-SHA tls1: EDH-DSS-DES-CBC-SHA tls1: EXP-EDH-DSS-DES-CBC-SHA tls1: DES-CBC3-SHA tls1: DES-CBC-SHA tls1: EXP-DES-CBC-SHA tls1: EXP-RC2-CBC-MD5 tls1: RC4-SHA tls1: RC4-MD5 tls1: EXP-RC4-MD5 tls1: EXP-RC2-CBC-MD5 tls1: EXP-RC4-MD5 tls1: RC4-MD5 tls1: NULL-SHA tls1: NULL-MD5
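
Added example, not part of the original post: Wireshark's RSA key-file method can only recover session keys when the negotiated suite uses RSA key exchange; the DHE/EDH and ADH suites in a list like the one above use Diffie-Hellman and cannot be decrypted from the server's RSA private key. This sketch classifies such a scan list by the OpenSSL naming convention; the function names are hypothetical and the sample input is constructed from a subset of the list in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "proto: CIPHER" pairs quoted in the post.
SAMPLE = (
    "ssl2: RC4-MD5 ssl3: ADH-AES256-SHA ssl3: DHE-RSA-AES256-SHA "
    "ssl3: AES256-SHA tls1: EDH-RSA-DES-CBC3-SHA "
    "tls1: EXP-EDH-DSS-DES-CBC-SHA tls1: DES-CBC3-SHA "
    "tls1: EXP-ADH-RC4-MD5 tls1: RC4-SHA tls1: NULL-SHA"
)


def key_exchange(name):
    """Key exchange implied by an OpenSSL-style legacy suite name."""
    # "EXP-" marks an export-grade suite; the key exchange prefix follows it.
    core = name[4:] if name.startswith("EXP-") else name
    if core.startswith("ADH-"):
        return "ADH"  # anonymous Diffie-Hellman, no certificate involved
    if core.startswith(("DHE-", "EDH-")):
        return "DHE"  # ephemeral Diffie-Hellman, server key only signs
    # No key-exchange prefix: the premaster secret is RSA-encrypted to the
    # server, so the private key recovers it from a captured handshake.
    return "RSA"


def parse(scan_text):
    """Return {protocol: sorted unique suite names} from 'proto: NAME' pairs."""
    suites = defaultdict(set)
    for proto, name in re.findall(r"(ssl2|ssl3|tls1):\s*(\S+)", scan_text):
        suites[proto].add(name)
    return {proto: sorted(names) for proto, names in suites.items()}


def rsa_decryptable(scan_text):
    """Suites whose sessions an RSA private key alone can decrypt."""
    return {proto: [n for n in names if key_exchange(n) == "RSA"]
            for proto, names in parse(scan_text).items()}


def needs_session_secrets(scan_text):
    """Suites that require per-session secrets (DHE/EDH/ADH key exchange)."""
    return {proto: [n for n in names if key_exchange(n) != "RSA"]
            for proto, names in parse(scan_text).items()}


if __name__ == "__main__":
    for proto, names in rsa_decryptable(SAMPLE).items():
        print(proto, "RSA key exchange:", ", ".join(names))
    for proto, names in needs_session_secrets(SAMPLE).items():
        print(proto, "DH key exchange:", ", ".join(names) or "-")
```

The suite that matters for a given capture is the one the server selected in its ServerHello, and the capture must include the full handshake for that session.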