
I've successfully set up SSL decryption to work on my system's sessions with an SSL server by getting the private key. Works!

I have traces of other stations' traffic that I need to analyze. I can't get those other stations' traffic to decode. What's the unknown I'm missing?

Thanks!

asked 12 Dec '13, 11:56


packetman007


For SSL decryption to work, there are three main conditions that need to be fulfilled:

  1. You must have the private key matching the certificate used in the session, and it needs to be in the proper format for Wireshark to read. As I assume the other stations go to the same server, this condition is fulfilled.
  2. You need to have the full SSL handshake in the tracefile (so including the Certificate and the ClientKeyExchange messages). When you see ServerHello immediately followed by a ChangeCipherSpec, then you have a reused SSL session and you can not decrypt it in Wireshark (unless the full handshake is in the same tracefile).
  3. The client and server must have chosen a non-Diffie-Hellman key exchange. When DH is used, the master secret is encrypted with dynamically set up keys instead of the public key from the certificate and can therefore not be decrypted by Wireshark. And without the cleartext master secret for the session, Wireshark can not decrypt the session. A DH key exchange can be recognized by an extra "ServerKeyExchange" message in the SSL handshake.

What do your SSL handshakes look like?


answered 13 Dec '13, 03:11


SYN-bit ♦♦
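The handshake checks in the answer above (full handshake present, no session resumption, no ServerKeyExchange) can be applied mechanically to the plaintext handshake messages of a captured session. The following is an added example, not code from the answer or from Wireshark: a small TLS record parser that walks the record layer, lists the handshake message types it sees, and then applies conditions 2 and 3 (condition 1, possession of the matching private key, cannot be judged from the trace). The three sample byte strings are constructed inline; message bodies are dummy zeros, and the parser assumes each handshake message fits in a single record, which is enough to illustrate the message-sequence logic.

```python
import struct

# TLS record-layer content types
CHANGE_CIPHER_SPEC = 20
HANDSHAKE = 22

# Handshake message types relevant to the three conditions
HS_NAMES = {
    1: "ClientHello",
    2: "ServerHello",
    11: "Certificate",
    12: "ServerKeyExchange",
    14: "ServerHelloDone",
    16: "ClientKeyExchange",
}


def build_record(content_type, payload, version=b"\x03\x01"):
    """Wrap payload in a TLS record header (type, version, 16-bit length)."""
    return bytes([content_type]) + version + struct.pack("!H", len(payload)) + payload


def build_handshake(hs_type, body=b""):
    """Wrap body in a handshake header (type, 24-bit length)."""
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body


def parse_records(data):
    """Return the message names in a concatenation of TLS records, in order.

    Only ChangeCipherSpec and handshake records are reported; anything after
    ChangeCipherSpec would be encrypted in a real trace, so parsing stops there.
    """
    msgs = []
    off = 0
    while off + 5 <= len(data):
        ctype = data[off]
        length = struct.unpack("!H", data[off + 3:off + 5])[0]
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        off += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            msgs.append("ChangeCipherSpec")
            break
        if ctype == HANDSHAKE:
            hoff = 0
            while hoff + 4 <= len(payload):
                hs_type = payload[hoff]
                hlen = int.from_bytes(payload[hoff + 1:hoff + 4], "big")
                hoff += 4 + hlen
                msgs.append(HS_NAMES.get(hs_type, "Handshake(%d)" % hs_type))
    return msgs


def check_decryptable(msgs):
    """Apply conditions 2 and 3 from the answer; return (ok, reason)."""
    if "ServerHello" in msgs:
        i = msgs.index("ServerHello")
        if i + 1 < len(msgs) and msgs[i + 1] == "ChangeCipherSpec":
            return False, "resumed session: ServerHello directly followed by ChangeCipherSpec"
    if "Certificate" not in msgs or "ClientKeyExchange" not in msgs:
        return False, "incomplete handshake: Certificate and ClientKeyExchange both required"
    if "ServerKeyExchange" in msgs:
        return False, "ServerKeyExchange present: DH key exchange, server private key cannot recover the master secret"
    return True, "full RSA key exchange handshake: decryptable with the server private key"


# Constructed sample traces (dummy bodies), one per outcome discussed in the answer.
SAMPLES = {
    "rsa_full": build_record(HANDSHAKE, build_handshake(1))
    + build_record(HANDSHAKE, build_handshake(2) + build_handshake(11, b"\x00" * 3) + build_handshake(14))
    + build_record(HANDSHAKE, build_handshake(16, b"\x00" * 8))
    + build_record(CHANGE_CIPHER_SPEC, b"\x01"),
    "resumed": build_record(HANDSHAKE, build_handshake(1))
    + build_record(HANDSHAKE, build_handshake(2))
    + build_record(CHANGE_CIPHER_SPEC, b"\x01"),
    "dhe": build_record(HANDSHAKE, build_handshake(1))
    + build_record(HANDSHAKE, build_handshake(2) + build_handshake(11, b"\x00" * 3)
                   + build_handshake(12, b"\x00" * 4) + build_handshake(14))
    + build_record(HANDSHAKE, build_handshake(16, b"\x00" * 8))
    + build_record(CHANGE_CIPHER_SPEC, b"\x01"),
}


def classify_samples():
    """Run the check over every constructed sample; returns {name: (ok, reason)}."""
    return {name: check_decryptable(parse_records(data)) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in classify_samples().items():
        print("%-9s %-5s %s" % (name, ok, reason))
```

On a real capture the same logic applies to the handshake messages Wireshark shows in the "Info" column: a ServerKeyExchange line or a ServerHello followed straight by ChangeCipherSpec tells you up front that the private key alone will not decrypt that session.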

question asked: 12 Dec '13, 11:56

question was seen: 1,323 times

last updated: 13 Dec '13, 03:11