Decrypting SSL/TLS

So far we have learned how the SSL/TLS protocol encrypts traffic and maintains confidentiality. In the next section, we will cover how Wireshark helps to decrypt SSL/TLS traffic.

Decrypting RSA traffic

Decryption of TLS traffic depends upon which cipher suite was chosen by the server in the Server Hello message. Open the file decrypt-ssl-01.pcap and look for the cipher selected by the server. In this case the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite was used; since this is RSA, we can decrypt the packet using our private key.

Now go to Edit | Preferences | Protocol | SSL, add the new RSA key, and configure the following properties of the RSA key dialog box:

The Private key file (here, server.key, which is used by the server).

Get Packet Analysis with Wireshark now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Packet Analysis with Wireshark by Anish Nath

Decrypting SSL/TLS

Decrypting RSA traffic

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly