Wireshark-users: Re: [Wireshark-users] SSL decoding

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 15 Jan 2009 15:46:09 +0100
On Tue, Jan 13, 2009 at 09:38:33AM +0100, Olaf Gellert wrote:
> 
> it seems that decoding of SSL streams depends on
> having the server key.

Yes, SSL sessions that use the RSA algorithm use the public/private
keypair of the server to encrypt the key exchange.
(The client uses the public key from the certificate to encrypt the
pre-master secret before sending it to the server; this makes sure that
only the server can decrypt it.)

> Is there any way to decode SSL streams with the client's key?

There is no client's key, unless you are using client certificates, but
in that case, the client key is only used in the Certificate Verify
message towards the server to prove that the client is actually
possessing the private key that matches the public key in the
certificate.

> Must be possible.
> In my case I am only on the client side...

If you can make the client dump debugging info amongst which is the
actual negotiated master secret, yes, then indeed it is possible... 
BUT, there is no code within Wireshark yet that lets you import the 
master secret, so even though theoretically possible, it will not be
possible with Wireshark.

Cheers,
     Sake