Reputation: 395
I have traffic from clients (which send XML over HTTPS) to my IIS.
I tried to decrypt the traffic using Wireshark and the following settings:
But even after setting this, I can't see the decrypted data:
Should I change any other settings to see the original data?
Upvotes: 11
Views: 29804
Reputation: 2536
There is a strong possibility that a Diffie-Hellman (DH) key exchange is being used here. In that case Wireshark cannot decipher SSL/TLS with a private key. You can check for this in the handshake packet.
From the Docs:
The RSA private key file can only be used in the following circumstances:
- The cipher suite selected by the server is not using (EC)DHE.
- The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
- The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA) certificate.
- The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.
Upvotes: 5
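The handshake check the answer above refers to can be done on the ServerHello itself. The following is an added example, not part of the original answer or of Wireshark: it parses a ServerHello record and applies the documented conditions. The function names are hypothetical, the suite table is a small subset of the IANA code points, and the sample record is constructed rather than captured.

```python
import struct

SUITES = {  # subset of IANA cipher suite code points; extend as needed
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite_id) from a ServerHello record."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 42 or body[0] != 2:
        raise ValueError("not a complete ServerHello handshake record")
    hello_end = 4 + int.from_bytes(body[1:4], "big")  # other messages may follow
    version = struct.unpack_from("!H", body, 4)[0]    # after type(1) + length(3)
    pos = 4 + 2 + 32                                  # skip version and random
    pos += 1 + body[pos]                              # skip session id
    suite = struct.unpack_from("!H", body, pos)[0]
    pos += 3                                          # suite + compression method
    if pos + 2 <= hello_end:                          # extensions present
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 43 and elen == 2:             # supported_versions (TLS 1.3)
                version = struct.unpack_from("!H", body, pos + 4)[0]
            pos += 4 + elen
    return version, suite

def rsa_key_can_decrypt(record: bytes, saw_client_key_exchange: bool = True):
    """Apply the documented conditions; returns (ok, reason)."""
    version, suite = parse_server_hello(record)
    name = SUITES.get(suite, f"unknown(0x{suite:04X})")
    if version >= 0x0304:
        return False, f"{name}: TLS 1.3"
    if not name.startswith("TLS_RSA_WITH_"):
        return False, f"{name}: not a known static-RSA suite"
    if not saw_client_key_exchange:
        return False, f"{name}: resumed session, no ClientKeyExchange"
    return True, f"{name}: static RSA key exchange"

def sample_server_hello(version, suite, exts=b""):
    """Constructed ServerHello record for testing (not a real capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    body += struct.pack("!H", len(exts)) + exts if exts else b""
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs
```

Whether the private key matches the server certificate is not visible in the ServerHello and has to be checked separately.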