Hi, does anyone have any solution to decrypt captures with an Abbreviated SSL handshake (RFC 2246)? What happens in an Abbreviated SSL handshake? From a previous SSL connection the client caches the session ID and resends it to the server to set up a new connection, so instead of the full SSL handshake where the keys are exchanged, here only the session IDs are exchanged, which makes it impossible to decrypt. We require help on this as we are seeing more of this in our environment.

asked 01 Nov '11, 22:46 deepacket
One Answer:
As the session keys are cached, you either need to make sure you capture the full SSL handshake for the resumed SSL session or you need to make the client or server dump the keying material. Without either of those two, you are out of luck.

answered 06 Nov '11, 09:20 SYN-bit ♦♦
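To check which resumed sessions in a capture still have their full handshake available, the sketch below compares the session ID in each ClientHello with the one the server returns. It is an added example, not part of the original answer or of Wireshark; the function names and sample session IDs are constructed, and it assumes the hello messages have already been reassembled from the TLS records.

```python
CLIENT_HELLO, SERVER_HELLO = 1, 2

def hello_session_id(msg: bytes, expected_type: int) -> bytes:
    """Extract session_id from a raw ClientHello/ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != expected_type:
        raise ValueError("not the expected hello message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    # Hello body starts: version(2) + random(32) + session_id_len(1) + session_id
    if len(body) < 35:
        raise ValueError("truncated hello")
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len:
        raise ValueError("bad session_id length")
    return body[35:35 + sid_len]

def classify(handshakes):
    """Return (kind, full_handshake_in_capture) per (client_hello, server_hello) pair."""
    seen_full = set()   # session IDs issued by full handshakes in this capture
    results = []
    for client_hello, server_hello in handshakes:   # pairs in capture order
        c_sid = hello_session_id(client_hello, CLIENT_HELLO)
        s_sid = hello_session_id(server_hello, SERVER_HELLO)
        if c_sid and c_sid == s_sid:          # server echoed the ID: resumed
            results.append(("abbreviated", s_sid in seen_full))
        else:                                 # new session negotiated
            if s_sid:
                seen_full.add(s_sid)
            results.append(("full", True))
    return results

def _hello(msg_type: int, sid: bytes, tail: bytes) -> bytes:
    """Build a constructed TLS 1.0 hello (zeroed random) for the sample below."""
    body = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid + tail
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample data, not taken from a real capture.
SID_A, SID_B, SID_C = bytes([0xA1]) * 32, bytes([0xB2]) * 32, bytes([0xC3]) * 32
C_TAIL, S_TAIL = b"\x00\x02\x00\x2f\x01\x00", b"\x00\x2f\x00"
SAMPLE = [
    (_hello(1, b"", C_TAIL), _hello(2, SID_A, S_TAIL)),     # full, issues A
    (_hello(1, SID_A, C_TAIL), _hello(2, SID_A, S_TAIL)),   # resumes A
    (_hello(1, SID_B, C_TAIL), _hello(2, SID_B, S_TAIL)),   # resumes B, issued before capture
    (_hello(1, SID_B, C_TAIL), _hello(2, SID_C, S_TAIL)),   # resume refused, new session C
]

if __name__ == "__main__":
    for kind, ok in classify(SAMPLE):
        print(kind, "full handshake captured" if ok else "full handshake missing")
```

Connections reported as abbreviated with the full handshake missing are the ones the answer describes as needing keying material dumped from the client or server.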