[Oisf-users] realtime ssl/tls decryption
Alec Waters
Alec.Waters at dataline.co.uk
Mon Jul 30 14:59:45 UTC 2012
> Please let me know if you find this useful, as it might save me some time
> testing in my environment.
Keep in mind that this will only work if the SSL session is using the RSA keypair for session key agreement - if you're using Diffie Hellman for this purpose there is no way to decrypt the SSL, regardless of how many private keys you're in possession of.
See:
http://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/
...the bit at the bottom under "How to prevent decryption" talks about DH's impact on the decryption process.
alec
--
Alec Waters CCNP - Infrastructure Manager - Dataline Software Ltd
Dataline does more than just Software!
Read about our network security and forensics work here:
http://wirewatcher.net/blog
More information about the Oisf-users
mailing list