This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decrypt SSL with exported SSL Session Keys

0

Hi all,

I am new to Wireshark, I run v1.6.7 on Ubuntu Desktop. I can decrypt HTTPS Traffic with my private key, works fine. I can see decrypted traffic as http.

In order to send the capture to a vendor, I export the SSL Session Keys to file. Before sending the Session Keys and capture to the 3rd party, I want to test the decryption with the exported SessionKeys. I create a new profile, protocols and for (Pre)-master-secret log file name I put the path of the SSL Session Keys. However, if I click on apply, nothing happens. The SSL debug log file is empty.

What do I miss ?

Thanks in advance for your answers.

asked 09 Oct '13, 05:13

Dragisa's gravatar image

Dragisa
16113
accept rate: 0%


One Answer:

0

Were there any keys saved in the file to which you exported the SSL Session Keys? Do the Session-ID's match the ones seen in the trace file?

The SSL debug file should at least list that it sees SSL traffic. Do you see SSL in the packet list? Are you running SSL on a non-standard port? If so, please add the port to the HTTP settings.

answered 09 Oct '13, 13:43

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Hi SYN-bit,

Thanks for your answer. I got it now...In the HTTP settings I fogot to add the non-standard port as SSL/TLS port. After this it worked.

Thanks!

(10 Oct '13, 02:35) Dragisa

@Dragisa, if an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(10 Oct '13, 02:54) grahamb ♦