<div dir="ltr">Hi, thanks for the answer.<div><br></div><div><div>I know Wireshark and ssldump have this capability, but I'm looking for a way to do it in my own software in C++ (using OpenSSL, if possible, but open to other suggestions as well).</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre &lt;<a href="mailto:Matthias.St.Pierre@ncp-e.com">Matthias.St.Pierre@ncp-e.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="DE" style="overflow-wrap: break-word;">
<div class="gmail-m_4735761813029185548WordSection1">
<p class="MsoNormal"><span lang="EN-US">Do you need to integrate the decryption into your own software, or are you just looking for a possibility to monitor and view the traffic?</span></p>
<p class="MsoNormal"><span lang="EN-US">If it’s the latter, try and take a look at the SSL decryption support that Wireshark provides.</span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="https://wiki.wireshark.org/TLS" target="_blank">https://wiki.wireshark.org/TLS</a></span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/" target="_blank">https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/</a></span></p>
<p class="MsoNormal"><span lang="EN-US">hth,</span></p>
<p class="MsoNormal"><span lang="EN-US">Matthias</span></p>
<p class="MsoNormal"><span lang="EN-US">Disclaimer: I haven’t used it for TLS myself, only for IPsec, and I can’t tell how up-to-date it is, in particular whether it is TLS 1.3 ready.</span></p>
<div style="border-top:none;border-right:none;border-bottom:none;border-left:1.5pt solid blue;padding:0cm 0cm 0cm 4pt">

<table style="height:342px;width:620px">
<tbody>
<tr>
<td style="font-size:11pt;height:25px;font-family:Calibri,Arial;width:501px" valign="top">
<span style="font-size:11pt"><span style="font-size:11pt"><strong>Dr. Matthias St. Pierre</strong>
<br>
<span style="font-size:11pt"><span style="font-size:11pt"><br>
Senior Software Engineer <br>
<a href="mailto:matthias.st.pierre@ncp-e.com" target="_blank">matthias.st.pierre@ncp-e.com</a> <br>
Phone: +49 911 9968-0<br>
<a href="http://www.ncp-e.com" target="_blank">www.ncp-e.com</a> </span></span></span></span></td>
</tr>
</tbody>
</table>
<div>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal"><b>From:</b><span> openssl-users &lt;<a href="mailto:openssl-users-bounces@openssl.org" target="_blank">openssl-users-bounces@openssl.org</a>&gt; <b>On Behalf Of </b>Oren Shpigel<br>
<b>Sent:</b> Tuesday, December 8, 2020 3:15 PM<br>
<b>To:</b> <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<b>Subject:</b> Use OpenSSL to decrypt TLS session from PCAP files</span></p>
</div>
</div>
<div>
<p class="MsoNormal">Hi,</p>
<div>
<p class="MsoNormal" style="margin-bottom:12pt">I generated a PCAP file with a TLS session, and I have the matching private key used by my HTTPS server.<br>
The TLS session is not using DH for key exchange, so it should be possible to decrypt.<br>
I know OpenSSL can be used to connect to a socket to "actively" handle the TLS session, but is there a way to "passively" decode and decrypt a session?<br>
How can I "feed" the packets (both directions) into the OpenSSL library?</p>
</div>
<div>
<p class="MsoNormal">Thanks!</p>
</div>
</div>
</div>
</div>
</div>

</blockquote></div>
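<p>Added example, not part of the original thread and not OpenSSL code: the key-schedule step a passive decoder has to reproduce for the non-DH case asked about above, once the 48-byte premaster secret has been RSA-decrypted from the ClientKeyExchange with the server's private key. It assumes TLS 1.2 (RFC 5246) without the extended master secret extension (RFC 7627); the function names, the suite table and the sample inputs are constructed for illustration.</p>

```python
import hashlib
import hmac

# Suite id -> (MAC key, cipher key, fixed IV) lengths in bytes. Only suites
# with RSA key exchange appear: these are the ones a server key can open.
RSA_SUITES = {
    0x002F: (20, 16, 0),  # TLS_RSA_WITH_AES_128_CBC_SHA
    0x003C: (32, 16, 0),  # TLS_RSA_WITH_AES_128_CBC_SHA256
    0x009C: (0, 16, 4),   # TLS_RSA_WITH_AES_128_GCM_SHA256
}
FIELDS = ("client_write_mac", "server_write_mac", "client_write_key",
          "server_write_key", "client_write_iv", "server_write_iv")

def prf_sha256(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5) using P_SHA256."""
    seed = label + seed
    out, a = b"", seed                       # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()         # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def session_keys(suite, premaster, client_random, server_random):
    """Derive the master secret and per-direction record keys."""
    if suite not in RSA_SUITES:
        raise ValueError("suite 0x%04X is not RSA key exchange" % suite)
    if (len(premaster), len(client_random), len(server_random)) != (48, 32, 32):
        raise ValueError("unexpected premaster or random length")
    mac_len, key_len, iv_len = RSA_SUITES[suite]
    master = prf_sha256(premaster, b"master secret",
                        client_random + server_random, 48)
    # Note the swapped order of the randoms for key expansion.
    block = prf_sha256(master, b"key expansion",
                       server_random + client_random,
                       2 * (mac_len + key_len + iv_len))
    keys, pos = {"master_secret": master}, 0
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    for name, size in zip(FIELDS, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

if __name__ == "__main__":
    # Constructed inputs; in practice the randoms come from the hello messages
    # and the premaster from RSA-decrypting the ClientKeyExchange body.
    premaster = b"\x03\x03" + bytes(range(46))
    demo = session_keys(0x009C, premaster, b"\x11" * 32, b"\x22" * 32)
    for name, value in demo.items():
        print(name, value.hex())
```

<p>A suite with (EC)DHE key exchange is rejected here because the premaster secret never crosses the wire, so the server's private key alone cannot recover it from a capture.</p>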