Wireshark · Wireshark-users: Re: [Wireshark-users] SSL Decryption

Wireshark-users: Re: [Wireshark-users] SSL Decryption

From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>

Date: Fri, 10 Aug 2007 21:57:22 +0200

Hi,
 
it is possible to decrypt the session if you retrieve somehow from client the master secret and some addtional information.
There is not whole mechanism for it in the Wireshark now but there is function ssl_set_master_secret(). If you pass all necessary information to this function it can decrypt the session even from the middle.
 
Regards,
 Tomas

________________________________

Od: wireshark-users-bounces@xxxxxxxxxxxxx za uživatele Derek Shinaberry
Odesláno: pá 10.8.2007 15:07
Komu: wireshark-users@xxxxxxxxxxxxx
Předmět: [Wireshark-users] SSL Decryption



Can someone help me understand why you must have the server's private 
key in order to be able to decrypt the session between the client and 
the server?  It seems to me that if the server and client can conduct 
the session without the client ever knowing the server's private key, 
then a capture of the session on the client's side ought to be able 
to decrypt the session using just what is in the SSL handshake 
exchange.  What don't I understand about the process that precludes 
this behavior?

Thanks,
Derek
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

References:
- [Wireshark-users] SSL Decryption
  - From: Derek Shinaberry

Prev by Date: Re: [Wireshark-users] SSL Decryption
Next by Date: [Wireshark-users] How does one post a message in reply to an existing thread?
Previous by thread: Re: [Wireshark-users] SSL Decryption
Next by thread: [Wireshark-users] HTTP not captured
Index(es):
- Date
- Thread