This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I got an SSL trace file that was run on a traffic generator and copied to my local machine. I know how to navigate Wireshark for decrypting the SSL traffic, but I am confused about which key/cert I need to feed as input to Wireshark (RSA KEY LIST/Keys) in this case. Here is the bunch of information I got.

Client certificate

Client Private key

Server ca cert

I came to know that the file should be converted to .pem for Wireshark to decrypt. Please let me know which one to pick from the above 3 for decryption.

Thanks

asked 03 Jul '14, 15:39

krishnayeddula


Have a look at the Wireshark wiki on SSL. You need to add a private key. The certificates (both CA and client/server) are useless as they are already sent over the wire and do not contain decryption keys anyway.

Be aware of some possible limitations, in particular the choice of cipher suites: PFS cipher suites (the (EC)DHE ones) cannot be decrypted even if you possess the private key. If you have access to the Pre-Master secrets, then you do not have this limitation, but it will require cooperation from the application to get these keys.


answered 04 Jul '14, 01:22

Lekensteyn
