Wireshark-users: Re: [Wireshark-users] Using private key and cert to decrypt HTTPS traffice betwe

From: "Wall, Stephen" <stephen.wall@xxxxxxxxxx>
Date: Sun, 17 Dec 2023 16:32:50 +0000

Read this web page for a good summary on decrypting with Wireshark.

https://www.packetsafari.com/blog/2022/10/07/wireshark-decryption/

Basically, if the captured pcap file uses RSA handshake, you can decrypt it.  If it uses ephemeral Diffie-Hellman, you can’t; you need to have also captured the ephemeral keys via a separate mechanism while the handshake is taking place.  RSA is very uncommon these days as it’s considered less secure.