This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does anyone know how to decrypt two way SSL connections?

0

Hi,

Does anyone know how to decrypt two way SSL connections? I have client and server private keys.

Thanks

asked 30 Sep '16, 13:23

Juniorr
accept rate: 0%


2 Answers:

1

You can add the certificates under Edit | Preferences | Protocols | SSL. You need to capture the entire conversation - including the initial handshake. There is a great presentation that goes into detail about it:

https://www.wireshark.org/lists/wireshark-users/201001/msg00151.html

answered 14 Oct '16, 15:02

Keseymour
accept rate: 0%

0

In a TLS session with mutual authentication there are two certificates involved:

  • The server certificate.
  • The client certificate.

The server certificate is used for authentication and may (or may not) be used for key exchange. The client certificate is used for authentication only.

Practically speaking, if you only have a private RSA key for the client, you cannot perform any decryption. If you have a private RSA key for the server and the server is agreeing on an RSA key exchange, you can configure the RSA private key at Preferences -> Protocols -> SSL -> RSA Keys list. Otherwise, if a Diffie-Hellman key exchange (instead of an RSA one) is in use, even possession of the RSA private key file will not allow you to decrypt the session (use the SSL Keylog file instead).

answered 16 Oct '16, 13:31

Lekensteyn
accept rate: 30%
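
As an added illustration of the answer above (not code from the original posts or from Wireshark): a Python sketch that reads the cipher suite selected in a ServerHello and reports whether the server RSA key or a keylog file is the input that can decrypt the session. The function names and the sample record are constructed for this example, and it assumes the ServerHello fits in one unfragmented TLS record.

```python
import struct

# IANA cipher suite IDs, grouped by key exchange (a common subset, not the full registry).
STATIC_RSA = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
EPHEMERAL_DH = {0x0033, 0x0039, 0x009E, 0x009F, 0xC013, 0xC014, 0xC02F, 0xC030}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite chosen in a TLS record that holds a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) < max(rec_len, 4) or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def decryption_option(record: bytes) -> str:
    """Map the negotiated suite to the Wireshark input that can decrypt it."""
    suite = server_hello_suite(record)
    if suite in STATIC_RSA:
        return "server RSA private key (RSA Keys list)"
    if suite in EPHEMERAL_DH:
        return "SSL keylog file"
    return "unknown suite 0x%04X" % suite

def sample_server_hello(suite: int, session_id: bytes = b"\x11" * 32) -> bytes:
    """Constructed TLS 1.2 ServerHello record (sample input, not captured traffic)."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"  # suite + null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for suite in (0x002F, 0xC02F):
        print("0x%04X -> %s" % (suite, decryption_option(sample_server_hello(suite))))
```

In a real capture the same value appears as the Cipher Suite field of the Server Hello message in Wireshark's packet details.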