

Debugging an application problem is very difficult when the network traffic goes over HTTPS (SSL). Using a private key to decrypt SSL traffic should only be done to debug an application problem. This blog entry outlines the steps to decrypt SSL traffic. If you have access to the private key and have OpenSSL and Wireshark installed, it is possible to decrypt the SSL traffic and see it in the clear within Wireshark.

System administrators have the option to enable this feature when starting a network packet capture. Once the packet capture is started, the system begins logging the master secret information to logtemp:///sslkeyfile.log. Stop the packet capture and copy logtemp:///sslkeyfile.log and temporary:///capture.pcap to a system running Wireshark.

Open Wireshark and from the menu select “Preferences -> Protocols -> SSL”. In the (Pre)-Master-Secret log filename input, specify the location of the sslkeyfile.log copied from DataPower. If you’re using a non-standard port for HTTPS, also update “Preferences -> Protocols -> HTTP” to include that port. Now load the packet capture file using “File -> Open”; the TLS sessions that contain a complete TLS handshake are decrypted automatically. If packets are not decrypting properly, you can enable a debug output file under “Preferences -> Protocols -> SSL”.

Note: only sessions for which the capture contains the full SSL key exchange, consisting of CLIENT_HELLO and SERVER_HELLO, can be properly decrypted.

The sslkeyfile.log contains the master secret for all sessions inbound and outbound from DataPower. If you need to limit the scope of the information given to a third party for debugging, copy only a subset of the lines from the file. To do this, find the CLIENT_HELLO frames of the sessions of interest in Wireshark and match their Random bytes to the lines in sslkeyfile.log. This allows only the chosen sessions to be decrypted by the third party.
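As an added example (not part of the original post or of DataPower), the following Python script shows the subset step in code: it pulls the 32-byte Random out of a TLS record carrying a ClientHello and keeps only the key-log lines whose client random matches the chosen sessions. It assumes the key log uses the NSS format that Wireshark reads (a label, the client random in hex, then the secret in hex); the TLS record and the key-log lines below are constructed samples, not a real DataPower capture.

```python
"""Filter a Wireshark/NSS-format key log down to chosen TLS sessions."""
import re
import struct

# Layout of a ClientHello inside a TLS record:
#   5-byte record header (type, version, length)
#   4-byte handshake header (type, 3-byte length)
#   2-byte client_version, then the 32-byte Random
RECORD_HEADER_LEN = 5
HANDSHAKE_HEADER_LEN = 4
CLIENT_RANDOM_LEN = 32


def client_random_from_record(record: bytes) -> bytes:
    """Return the 32-byte Random from a TLS record that carries a ClientHello."""
    if len(record) < RECORD_HEADER_LEN:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:RECORD_HEADER_LEN])
    if content_type != 0x16:
        raise ValueError("not a Handshake record")
    body = record[RECORD_HEADER_LEN:RECORD_HEADER_LEN + rec_len]
    if len(body) < HANDSHAKE_HEADER_LEN + 2 + CLIENT_RANDOM_LEN:
        raise ValueError("handshake body too short for a ClientHello")
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    start = HANDSHAKE_HEADER_LEN + 2  # skip handshake header and client_version
    return body[start:start + CLIENT_RANDOM_LEN]


# One key-log line: LABEL <64 hex chars of client random> <hex secret>
LINE_RE = re.compile(
    r"^(?P<label>[A-Z0-9_]+) (?P<client_random>[0-9a-fA-F]{64}) (?P<secret>[0-9a-fA-F]+)$"
)


def filter_keylog(keylog_text: str, wanted_randoms) -> list:
    """Keep only the key-log lines whose client random is in wanted_randoms (hex strings)."""
    wanted = {r.lower() for r in wanted_randoms}
    kept = []
    for raw in keylog_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        m = LINE_RE.match(line)
        if m and m.group("client_random").lower() in wanted:
            kept.append(line)
    return kept


def build_client_hello(random_bytes: bytes) -> bytes:
    """Build a minimal, constructed ClientHello record around the given Random (for the sample only)."""
    hello = (
        b"\x03\x03"            # client_version TLS 1.2
        + random_bytes         # 32-byte Random
        + b"\x00"              # empty session id
        + b"\x00\x02\xc0\x2f"  # one cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"          # one compression method: null
    )
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample data: two sessions, A and B, with made-up secrets.
SAMPLE_RANDOM_A = bytes(range(32))
SAMPLE_RANDOM_B = bytes(range(32, 64))
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample key log, not a real sslkeyfile.log",
    f"CLIENT_RANDOM {SAMPLE_RANDOM_A.hex()} {'11' * 48}",
    f"CLIENT_RANDOM {SAMPLE_RANDOM_B.hex()} {'22' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {SAMPLE_RANDOM_B.hex()} {'33' * 32}",
])


def subset_for_session(keylog_text: str, client_hello_record: bytes) -> list:
    """Key-log lines to hand over for the single session whose ClientHello is given."""
    rnd = client_random_from_record(client_hello_record)
    return filter_keylog(keylog_text, [rnd.hex()])


if __name__ == "__main__":
    for line in subset_for_session(SAMPLE_KEYLOG, build_client_hello(SAMPLE_RANDOM_A)):
        print(line)
```

In practice the Random bytes come from Wireshark's ClientHello dissection of the session of interest, and the filtered lines are what you copy into the reduced key log for the third party; a session whose CLIENT_HELLO was not captured has no matching line and stays undecryptable, which matches the note above.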
