Use OpenSSL to decrypt TLS session from PCAP files

John Baldwin jhb at FreeBSD.org
Tue Dec 8 17:17:54 UTC 2020


On 12/8/20 7:46 AM, Matt Caswell wrote:
> 
> 
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
> 
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data
stream into to handle the TLS bits though?  You are still stuck with
writing your own TCP stack (effectively)?  I think openvpn does something
like this when I looked (it used memory BIOs to and then manually
read/wrote their contents on its tunnel socket).

-- 
John Baldwin


More information about the openssl-users mailing list