This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

In almost every blog I read about ssl decryption with Wireshark, I found the following limitation:

Wireshark won't be able to decrypt ssl traffic if Diffie-Hellman Ephemeral (DHE) or RSA Ephemeral is negotiated between the two communication parties.

It seems that even Wireshark's SSL wiki supports that. I'm curious and would like to know why Wireshark has such a limitation?

Thank you!

asked 21 Oct '14, 03:27


flora
accept rate: 100%

edited 10 Nov '14, 10:05


I'm curious and would like to know why Wireshark has such a limitation?

That's not a 'limitation' of Wireshark (in the sense that the developers are not able to implement it), it's the way the Diffie-Hellman algorithm works.

If you are using an SSL/TLS handshake without DH, the session key gets encrypted with the public (RSA) key of the server (more or less!!). So, if you have access to the private key of the server, you will be able to decrypt the session key and thus decrypt the whole SSL/TLS session.

With Diffie-Hellman, the session key will never be transmitted (it's being calculated on both sides), so you won't be able to intercept it and use it for decryption of the session. That's what Diffie-Hellman was developed for: securely establishing a base crypto key that both parties can use, but nobody else. I recommend the book "Applied Cryptography" if you are interested in all the details.

Having said that, there is no technical way to decrypt an SSL/TLS session where DH was used, unless one of the parties (client or server) discloses the session key (not the DH key!!).

Regards
Kurt


answered 21 Oct '14, 04:31


Kurt Knochner ♦
accept rate: 15%

edited 21 Oct '14, 06:45
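The difference Kurt describes, as an added toy model that is not part of the original answer and not Wireshark code: with RSA key exchange the captured ClientKeyExchange decrypts to the premaster secret once you hold the server's private key, whereas a DHE capture holds only p, g and the two public values, and the key is recoverable only if one party discloses its private exponent or the resulting secret (which is what a TLS key log file does). The group 2**127-1 and the textbook RSA key (p=61, q=53, no padding) are constructed toy parameters, not TLS-grade sizes.

```python
import secrets

# Constructed toy parameters for illustration only (not TLS-grade sizes).
# DH group: 2**127-1 is a known Mersenne prime; real TLS uses 2048-bit+ groups.
P, G = 2**127 - 1, 2
# Textbook RSA key with tiny primes (p=61, q=53), no padding: n=3233, e=17, d=2753.
RSA_PUB, RSA_PRIV = (3233, 17), (3233, 2753)

def dhe_handshake():
    """DHE key exchange. Returns (what is on the wire, client key, server key, privs)."""
    a = secrets.randbelow(P - 2) + 2   # client private exponent, never transmitted
    b = secrets.randbelow(P - 2) + 2   # server private exponent, never transmitted
    A, B = pow(G, a, P), pow(G, b, P)  # the only DH values a capture contains
    wire = {"p": P, "g": G, "A": A, "B": B}
    client_key = pow(B, a, P)          # g^(ab) mod p, computed locally on each side
    server_key = pow(A, b, P)
    return wire, client_key, server_key, {"client": a, "server": b}

def dhe_key_from_capture(wire, disclosed=None):
    """What a decryptor can do with a DHE capture: nothing with the wire alone.
    Only a secret handed over by one party (its DH exponent, or the session
    secret itself as in a TLS key log file) yields the key."""
    if disclosed is None:
        return None                    # no private exponent exists in the capture
    kind, value = disclosed
    if kind == "client_priv":
        return pow(wire["B"], value, wire["p"])
    if kind == "server_priv":
        return pow(wire["A"], value, wire["p"])
    if kind == "session_secret":
        return value
    raise ValueError(f"unknown disclosure kind: {kind}")

def rsa_handshake(pub=RSA_PUB):
    """RSA key exchange: the client picks the premaster secret and sends it
    encrypted under the server's public key. Returns (wire, premaster)."""
    n, e = pub
    premaster = secrets.randbelow(n - 2) + 2
    return {"enc_premaster": pow(premaster, e, n)}, premaster

def rsa_key_from_capture(wire, server_priv=RSA_PRIV):
    """With the server's RSA private key, the captured ClientKeyExchange
    decrypts directly to the premaster secret, so the session is readable."""
    n, d = server_priv
    return pow(wire["enc_premaster"], d, n)

if __name__ == "__main__":
    w, ck, sk, privs = dhe_handshake()
    print("DHE from capture alone:", dhe_key_from_capture(w))
    print("DHE with server exponent matches:", dhe_key_from_capture(w, ("server_priv", privs["server"])) == ck == sk)
    rw, pm = rsa_handshake()
    print("RSA with server private key matches:", rsa_key_from_capture(rw) == pm)
```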
