How to decrypt SSL encrypted packet traces without the Private key?

Solution Number:
S17255
Last Modified:
2021-11-02
Issue

While troubleshooting SSL optimization-related issues, Riverbed support engineers need to decrypt the packet traces. The usual method is to use the server's private key. For security reasons, Riverbed would prefer that customers not share their private key.

Solution

Wireshark's RFE 3444 (Export SSL Session Keys) is a feature that helps decrypt SSL traces from security-conscious customers. It exports the symmetric session keys used to encrypt the SSL sessions in a capture; those keys can then be used to decrypt the trace without the server's private key.

Steps to decrypt the SSL traces:

  1. The customer opens the capture file on their own computer and decrypts it with the server's private key using the latest version of Wireshark.
  2. The customer then exports all SSL session keys used in that capture from the File -> Export SSL Session Keys menu. The resulting file is a plain text file.
  3. The customer sends the capture file together with the exported session key file to Riverbed support over a secure medium.
  4. The Riverbed support engineer loads the capture file and configures Wireshark to use the session key file (Edit -> Preferences -> Protocols -> SSL) to decrypt the SSL payload.

The private key never leaves the customer’s premise.
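As an added example (not part of this article or of Wireshark itself), a small Python check the customer can run on the exported session key file before step 3: it confirms the file holds only session secrets in the key-log format Wireshark writes and flags any private-key (PEM) material that may have been pasted in by mistake. The two line shapes it accepts are an assumption about what the export contains; TLS 1.3 secret labels are not handled.

```python
import re

# Wireshark's "Export SSL Session Keys" writes one secret per line in the
# NSS key-log format. Assumption: these two shapes cover the RSA key-exchange
# sessions this article is about (TLS 1.3 labels are not handled here):
#   RSA Session-ID:<hex session id> Master-Key:<96 hex chars>
#   CLIENT_RANDOM <64 hex chars> <96 hex chars>
RSA_LINE = re.compile(r"^RSA Session-ID:([0-9a-fA-F]+) Master-Key:([0-9a-fA-F]{96})$")
CR_LINE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")


def check_session_key_file(text):
    """Return (ok, entries, problems) for an exported session key file.

    entries counts well-formed secrets; problems lists (line number, reason).
    A PEM header is flagged because it means private-key material, not a
    session secret, is about to leave the customer's premises."""
    entries, problems = 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "-----BEGIN" in line:
            problems.append((lineno, "PEM block: looks like a private key, not a session key"))
        elif RSA_LINE.match(line) or CR_LINE.match(line):
            entries += 1
        else:
            problems.append((lineno, "unrecognised line"))
    ok = not problems and entries > 0
    return ok, entries, problems


# Constructed sample: two well-formed entries followed by a pasted private key header.
SAMPLE = (
    "RSA Session-ID:" + "ab" * 32 + " Master-Key:" + "cd" * 48 + "\n"
    "CLIENT_RANDOM " + "01" * 32 + " " + "02" * 48 + "\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    ok, n, probs = check_session_key_file(SAMPLE)
    print("ok" if ok else "NOT ok", n, "entries", probs)
    # Once the file passes, support can decrypt from the command line with e.g.
    #   tshark -r capture.pcap -o tls.keylog_file:keys.txt -Y http
    # (older Wireshark releases name the preference ssl.keylog_file).
```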

The latest development version of Wireshark can be found here: http://www.wireshark.org/download/automated/

More information on RFE 3444 can be found here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444

A short video, SSL Session Key Decryption, demonstrates the expected outcome of this process.

Environment

Steelheads optimizing SSL-encrypted applications
