Decrypting app payload in wireshark
Claude Robitaille
claude-robitaille at hotmail.com
Sun Jul 18 22:58:58 UTC 2021
Never mind. All is good. Wireshark simply does not show the content / result of the last data packet. In the test, I was just sending 1 packet so even though wireshark decrypts it this is not visible in the main window. But if you go to conversation details then you see the data.
________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Claude Robitaille <claude-robitaille at hotmail.com>
Sent: July 18, 2021 4:32 PM
To: openssl-users at openssl.org <openssl-users at openssl.org>
Subject: Decrypting app payload in wireshark
Hi all,
I am setting up a callback using SSL_CTX_set_keylog_callback where I simply dump to a file. In wireshark, having configured it to use the filr I created, I can see the decoded TLS handshake (prior to that, the handshake was encrypted so I know that wireshark is indeed finding the data from the callback).
But the actual application data is still encrypted.... 🙁
I am doing this client side.
Any idea what is missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210718/b8b27e84/attachment-0001.html>
More information about the openssl-users
mailing list