Hi,
 
I am wondering whether the TLSv1 traffic for the webapp I am
working on can be decrypted. More precisely I am interested in decrypting the
traffic that contains HTTP messages.
 
Here’s the environment info:
o IE (but I can use Firefox if needed) talking to a JBoss-contained
webapp
o all traffic over SSL (TLSv1)
o TLS’s “Server Hello”-message says:
Secure Socket Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 74
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 70
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 32
            Session ID: DFC934A0A89626A9FF048DBC2D9B9595EFE88AFEB078E06D...
            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
            Compression Method: null (0)
 
I saw a blog post somewhere discussing that you can “pass”
the path to the file which stores the negotiated encryption key to Wireshark
and (given that Wireshark has been linked against a given library) get the
encrypted payload decrypted. I don’t know if this applies to my scenario
(not sure whether IE writes the key to the file system, …).
 
Thanks for your help,
-nik
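
Added example, not part of the original message: a minimal Python parser for the Server Hello quoted above. It checks that the quoted lengths (74 and 70) agree with a 32-byte session ID and reports whether the negotiated suite uses static RSA key exchange, the case in which a capture can be decrypted by whoever holds the server's RSA private key. The Random and Session ID bytes, the short suite table and the function names are constructed for this example.

```python
import struct

# Small subset of the IANA cipher-suite registry: id -> (name, key exchange)
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record that carries a single ServerHello (RFC 2246)."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or body[:1] != b"\x02":
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(body) != rec_len or len(hello) != hs_len or hs_len < 38:
        raise ValueError("length fields do not match the data")
    version, sid_len = struct.unpack("!H", hello[:2])[0], hello[34]
    end = 35 + sid_len                      # offset of the cipher suite
    if sid_len > 32 or len(hello) < end + 3:
        raise ValueError("bad session ID length")
    suite, compression = struct.unpack("!HB", hello[end:end + 3])
    name, kx = SUITES.get(suite, ("unknown", "unknown"))
    return {
        "record_length": rec_len, "handshake_length": hs_len,
        "version": version, "session_id": hello[35:end],
        "cipher_suite": suite, "name": name, "compression": compression,
        "key_exchange": kx,
        # Static RSA: the pre-master secret is encrypted to the server's RSA
        # key, so the holder of that private key can decrypt a capture.
        "static_rsa": kx == "RSA",
    }

def build_sample(suite: int = 0x0004) -> bytes:
    """Constructed ServerHello using the field values quoted in the post."""
    random = bytes(32)             # constructed: Random bytes are not shown
    session_id = bytes(range(32))  # constructed: the real ID is truncated
    hello = (struct.pack("!H", 0x0301) + random + bytes([len(session_id)])
             + session_id + struct.pack("!HB", suite, 0))
    handshake = bytes([2]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    for key, value in parse_server_hello(build_sample()).items():
        print(f"{key}: {value!r}")
```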