This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL traffic decryption issue

0

Hello Sharkers :D

Sometimes we need to investigate SSL traffic on some servers. We do have the SSL certificate for that server, but the issue is that after trying to decrypt the captured PCAP we are not able to decrypt it.

After a little bit of research we found that the SSL certificate uses Diffie-Hellman, which couldn't be decrypted with the SSL cert.

Since we are the owners of the servers, is there any way to capture the traffic and decrypt it, or even to capture it as HTTP traffic from the server itself?

asked 14 Jul '17, 14:51


rami
accept rate: 0%


One Answer:

0

If you own the server, these are your options for SSL/TLS decryption:

  • Force use of a cipher suite which uses the RSA key exchange. Disadvantage: loses the forward secrecy property which would be provided by a Diffie-Hellman key exchange.
  • Tap the keys from the server process. If you have a webserver using the OpenSSL cryptographic library (e.g. nginx or Apache), then see this post for an approach using a debugger or an interposing library.

answered 15 Jul '17, 09:35


Lekensteyn
accept rate: 30%
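Whether the server's private key is enough for decryption is decided by the cipher suite the server picks in its ServerHello, which is why the answer above distinguishes RSA key exchange from (EC)DHE. As an added example (not code from the question, the answer, or Wireshark), this Python snippet parses a constructed ServerHello record, extracts the negotiated suite and reports whether the private key alone suffices or the session keys must be tapped; the cipher-suite table is a small hand-picked subset of the IANA registry.

```python
# Added example: classify a TLS ServerHello by its key exchange.
import struct

# Constructed subset of IANA cipher suite codes (extend as needed).
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3: key exchange is always ephemeral
    0x1302: "TLS_AES_256_GCM_SHA384",
}

def parse_server_hello(record: bytes) -> dict:
    """Extract the protocol version and cipher suite from one ServerHello record."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x02:  # handshake message type 2 = ServerHello
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    version = struct.unpack("!H", body[:2])[0]
    sid_len = body[34]  # 2 bytes version + 32 bytes random precede session_id length
    suite = struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
    return {"version": version, "cipher_suite": suite}

def key_exchange_needs_keylog(suite: int) -> bool:
    """True if the suite is (EC)DHE or TLS 1.3, so the server private key alone cannot decrypt."""
    name = CIPHER_SUITES.get(suite)
    if name is None:
        raise KeyError(f"unknown cipher suite 0x{suite:04X}")
    return not name.startswith("TLS_RSA_WITH_")

def build_server_hello(version: int, suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record (sample input only, no extensions)."""
    body = struct.pack("!H", version) + bytes(32) + bytes([len(session_id)]) + session_id
    body += struct.pack("!HB", suite, 0)  # cipher suite, null compression
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs

if __name__ == "__main__":
    hello = parse_server_hello(build_server_hello(0x0303, 0xC02F))
    print(CIPHER_SUITES[hello["cipher_suite"]], "needs key log:",
          key_exchange_needs_keylog(hello["cipher_suite"]))
```

Run the same check against a real ServerHello from the capture (Wireshark shows the suite under Handshake Protocol: Server Hello) to see which of the answer's two options applies.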