Use OpenSSL to decrypt TLS session from PCAP files
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Tue Dec 8 14:32:00 UTC 2020
Do you need to integrate the decryption into your own software, or are you just looking for a possibility to monitor and view the traffic?
If it’s the latter, try and take a look at the SSL decryption support that Wireshark provides.
https://wiki.wireshark.org/TLS
https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
hth,
Matthias
Disclaimer: I haven’t used it for TLS myself, only for IPsec, and I can’t tell how up-to-date it is, in particular whether it is TLS 1.3 ready.
From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Oren Shpigel
Sent: Tuesday, December 8, 2020 3:15 PM
To: openssl-users at openssl.org
Subject: Use OpenSSL to decrypt TLS session from PCAP files
Hi,
I generated a PCAP file with TLS session, and I have the matching private key used by my HTTPS server.
The TLS session is not using DH for key exchange, so it should be possible to decrypt.
I know OpenSSL can be used to connect to a socket to "actively" handle the TLS session, but is there a way to "passively" decode and decrypt a session?
How can I "feed" the packets (both directions) into the OpenSSL library?
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201208/736d85fd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7494 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201208/736d85fd/attachment-0001.bin>
More information about the openssl-users
mailing list