This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t decrypt ssl traffic

0

I am trying to decrypt SSL traffic between a client and my server. I have added my server's private key to Wireshark, and I can decrypt data that I send from a test app on my local LAN.

I see the following SSL packets:

client hello
server hello, certificate, server hello done
client key exchange, change cipher spec, finished
change cipher spec, finished
HTTP data

But I can't decrypt data from a different client.

I see these SSL packets:

client hello
server hello, change cipher spec, encrypted handshake message
change cipher spec, encrypted handshake message, application data
application data

There is nothing in the \data\debug_file.txt that indicates that a DH key exchange is going on?

Can someone explain why the two different clients are behaving differently?

Is there something on the IIS side I can do to force the clients to connect the same way?

asked 18 Dec '14, 10:44


cslewis2014
accept rate: 0%

What cipher is being used? You can see this in the server hello.

(18 Dec '14, 11:01) grahamb ♦

It appears to be TLS_RSA..

(18 Dec '14, 13:05) cslewis2014