[Oisf-users] realtime ssl/tls decryption

Alec Waters Alec.Waters at dataline.co.uk
Mon Jul 30 14:59:45 UTC 2012


> Please let me know if you find this useful, as it might save me some time
> testing in my environment.

Keep in mind that this will only work if the SSL session is using the RSA keypair for session key agreement - if you're using Diffie-Hellman for this purpose there is no way to decrypt the SSL, regardless of how many private keys you're in possession of.

See:

http://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/

...the bit at the bottom under "How to prevent decryption" talks about DH's impact on the decryption process.

alec

-- 
Alec Waters CCNP - Infrastructure Manager - Dataline Software Ltd 

Dataline does more than just Software! 
Read about our network security and forensics work here: 
http://wirewatcher.net/blog 


