Differences
This shows you the differences between two versions of the page.
|
tls:tls-decoding [2010/10/01 08:59] 83.136.33.3 created |
tls:tls-decoding [2010/10/01 08:59] (current) 83.136.33.3 created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Decoding of TLS Connections with Wireshark ====== | ||
| + | |||
| + | Wireshark can decode SSL/TLS sessions when the following conditions are fulfilled: | ||
| + | * the private key of the TLS server is known (maybe both keys are needed if mutual TLS (=client certificate) is used?). | ||
| + | * the TLS connections does not use a Diffie-Hellman cipher | ||
| + | * Wireshark captures the TLS session from the beginning (handshake) | ||
| + | |||
| + | Configure Wireshark to decode TLS: | ||
| + | * Copy the server' | ||
| + | |||
| + | * Edit → Preferences → Protocols → SSL → RSA Keys List: e.g.: ip.address.of.server, | ||
| + | |||
| + | * If the server uses Diffie-Hellman (DH) Ciphers by default (depends on how openSSL was built) you should configure the server to use other ciphers. See | ||
| + | * http:// | ||
| + | * http:// | ||
| + | |||
| + | * To make sure you capture the handshake you should: 1. close the SIP client, 2. start Wireshark and start capturing, 3. start the SIP client. | ||
| + | |||
| + | If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit→Preferences→Protocols→SSL→SSL Debug File | ||
| + | |||
| + | |||
