Decrypting app payload in wireshark

Claude Robitaille claude-robitaille at
Sun Jul 18 22:58:58 UTC 2021

Never mind. All is good. Wireshark simply does not show the content / result of the last data packet. In the test, I was just sending 1 packet  so even though wireshark decrypts it this is not visible in the main window. But if you  go to conversation details then you see the data.
From: openssl-users <openssl-users-bounces at> on behalf of Claude Robitaille <claude-robitaille at>
Sent: July 18, 2021 4:32 PM
To: openssl-users at <openssl-users at>
Subject: Decrypting app payload in wireshark

Hi all,

I am setting up a callback using SSL_CTX_set_keylog_callback where I simply dump to a file. In wireshark, having configured it to use the filr I created, I can see the decoded TLS handshake (prior to that, the handshake was encrypted so I know that wireshark is indeed finding the data from the callback).

But the actual application data is still encrypted.... 🙁

I am doing this client side.

Any idea what is missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list