Wireshark-users: Re: [Wireshark-users] Decrypt SSL packets using master-key?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 25 Dec 2008 22:49:58 +0100
On Thu, Dec 25, 2008 at 12:45:54PM -0500, Alex wrote:
> Hi. I am using Wireshark 1.0.5 to capture a TLS session. The cipher
> used in the session is ADH-AES256-SHA, which means that there is no
> private key used on either end. Unfortunately Wireshark seems to only
> accept a private key to decrypt TLS sessions.

Those pesky DH ciphers ;-)

I usually try to either limit the ciphers that are presented by the
test-client or I limit the list of acceptable ciphers on the server for
troubleshooting purposes. Are you able to do so in your setup?

If not ...

> I have the master-key available, which is all I should need. If
> Wireshark does not possess this capability, is there a work around to
> decrypt these packets so I can analyze them?

Currently there is feature in Wireshark to accept master secrets of
individual SSL sessions. If the availability of master-keys would be
more general (as debugging output or something like that), it could
indeed be useful. You might want to file an enhancement request on
http://bugzilla.wireshark.org for it.

Just for my curiosity, what is your setup that allows you to export the
master secret?

Cheers,
    Sake