I have server sertificate and key. I made dump. Key installed in wireshark preferences. I see Secure Socket Layer, TLS, Sertificates, but Encrypted Application Data still encrypted. 'Follow SSL' stream not works : How to extract and decode EAP messages? asked 06 Dec '16, 07:48  eri edited 06 Dec '16, 07:49 |
2 Answers:
I couldn't get this to work either, maybe someone can point us in the right direction. Until then, here are some links: https://wiki.freeradius.org/guide/stats-with-radsniff https://supportforums.cisco.com/blog/154046 http://security.stackexchange.com/questions/70981/decoding-tunnel-bytes-in-eap-tls-or-eap-ttls-using-wireshark I use radsniff now to get at the primary master keys for 802.11/WPA2 when using Enterprise authentication. It doesn't directly address what you wanted, decryption of the TLS tunnel, but it provides what I needed so maybe you would get lucky too. The Cisco link walks through a way to decrypt the tunnel in Radius packets, assuming you are not using DH. answered 06 Dec '16, 11:49  Bob Jones |
https://supportforums.cisco.com/blog/154046 very useful answered 08 Dec '16, 03:05 eri |
