– Kamailio SIP Server –

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tls:tls-decoding [2010/10/01 08:59] (current)
83.136.33.3 created
Line 1: Line 1:
 +====== Decoding of TLS Connections with Wireshark ======
 +
 +Wireshark can decode SSL/TLS sessions when the following conditions are fulfilled:
 +  * the private key of the TLS server is known (maybe both keys are needed if mutual TLS (=client certificate) is used?).
 +  * the TLS connections does not use a Diffie-Hellman cipher
 +  * Wireshark captures the TLS session from the beginning (handshake)
 +
 +Configure Wireshark to decode TLS:
 +  * Copy the server'​s private key to the PC running Wireshark. Configure Wireshark to use the key: 
 +
 +  * Edit → Preferences → Protocols → SSL → RSA Keys List: e.g.: ip.address.of.server,​5061,​sip,​c:​\key.pem
 +
 +  * If the server uses Diffie-Hellman (DH) Ciphers by default (depends on how openSSL was built) you should configure the server to use other ciphers. See
 +    * http://​www.kamailio.org/​docs/​modules/​3.0.x/​modules/​tls.html#​cipher_list and
 +    * http://​www.openssl.org/​docs/​apps/​ciphers.html
 +
 +  * To make sure you capture the handshake you should: 1. close the SIP client, 2. start Wireshark and start capturing, 3. start the SIP client.
 +
 +If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit→Preferences→Protocols→SSL→SSL Debug File
 +
 +