Wireshark-users: Re: [Wireshark-users] Using private key and cert to decrypt HTTPS traffic betwe

From: public1020 <public1020@xxxxxxxxx>
Date: Mon, 18 Dec 2023 01:40:30 +0000
Hi Stephen,

Thanks for mentioning this article; I found it before posting to the list.

It won't work, because I'm capturing traffic between an iOS device (not jailbroken) and a Linux server; there's no such thing as SSLKEYLOGFILE to use here.

Any suggestions?

On Monday, 18 December 2023 at 12:32 AM, Wall, Stephen <stephen.wall@xxxxxxxxxx> wrote:

Read this web page for a good summary on decrypting with Wireshark.

https://www.packetsafari.com/blog/2022/10/07/wireshark-decryption/

Basically, if the captured pcap file uses an RSA handshake, you can decrypt it. If it uses ephemeral Diffie-Hellman, you can't; you need to have also captured the ephemeral keys via a separate mechanism while the handshake is taking place. RSA is very uncommon these days as it's considered less secure.
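
Added example, not part of the original thread: which of the two cases above a capture falls into can be read from the cipher suite in the ServerHello. This Python code parses a TLS ServerHello record and reports the decryption path; the suite table is a small subset of the IANA registry, and `build_server_hello` and the labels returned by `decryption_path` are hypothetical names that produce constructed sample input and output.

```python
import struct

# Subset of IANA cipher suite IDs -> (name, key exchange); extend as needed.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),   # TLS 1.3 is always ephemeral
    0x1302: ("TLS_AES_256_GCM_SHA384", "TLS1.3"),
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID the server chose in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    # Content type 22 = handshake, handshake type 2 = ServerHello.
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # legacy_version (2) + random (32), then a one-byte session_id length.
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def decryption_path(record: bytes) -> str:
    """Map the negotiated suite to what is needed to decrypt the capture."""
    _name, kx = SUITES.get(server_hello_suite(record), ("unknown", "unknown"))
    if kx == "RSA":
        return "server RSA private key"
    if kx == "unknown":
        return "unknown suite"
    return "per-session secrets required"

def build_server_hello(suite: int, sid: bytes = b"") -> bytes:
    """Constructed sample input: a minimal ServerHello with no extensions."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
             + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs
```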