I have a PCAP of TLSv1.2 traffic that I am attempting to decrypt. Since I have access to the server, I was able to copy it's private key. I would like to ask what should I do know to be able to decrypt this traffic. I did add the key to the properties page for the SSL protocol under the key section. The election that I provided was the server IP address, port 443 and protocol http with the link to the location of the .key file. After doing this I saved it and returned to the data and proceeded to follow the stream but to no avail since the data did not decrypt. Is there something that I am missing. Should I be using a file with a different extension?? Any assistance would be greatly appreciated. Thank you Jesus asked 25 Jan '17, 20:43  jdpadro |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
you should create the log file and post it here as that would help everyone to understand whats going on. In the SSL protocol preferences, there is a field where you can specify where to save the log file.