When SSL/TLS is in use, Wireshark sees only encrypted data by default. This is a problem if one wants to use Wireshark to inspect an SSL/TLS handshake protocol transcript. To make SSL/TLS traffic accessible to Wireshark, the keying material used by the SSL/TLS session must be made available to it. This can be done by setting the operating-system-level environment variable SSLKEYLOGFILE to point to a file (which causes some browsers to deposit the SSL/TLS keys they use in this file) and configuring Wireshark to make use of this file. A corresponding description from Comparitech is available here.
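Before pointing Wireshark at the file, it helps to confirm that the browser actually wrote usable secrets to it. The following is an added example, not code from the original post: it parses the NSS key log format that browsers write to the SSLKEYLOGFILE path and reports, per client random, whether enough secrets were logged to decrypt that session. The function names `parse_keylog` and `status` are hypothetical, the sample data is constructed, and legacy `RSA` lines are not handled.

```python
import re

# Labels in the NSS key log format that are keyed by the 32-byte client random.
TLS13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN = TLS13 | {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
                 "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

# Constructed sample, not real key material. Line 8 is deliberately malformed.
SAMPLE = "\n".join(
    ["# constructed sample", "CLIENT_RANDOM " + "11" * 32 + " " + "ab" * 48]
    + [f"{label} {'22' * 32} {'cd' * 32}" for label in sorted(TLS13)]
    + ["CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "ef" * 32,
       "CLIENT_RANDOM " + "44" * 32 + " abcd"])


def parse_keylog(text):
    """Return ({client_random: set(labels)}, [numbers of rejected lines])."""
    sessions, bad = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        if not m or m.group(1) not in KNOWN:
            bad.append(n)
            continue
        label, client_random, secret = m.groups()
        # A TLS 1.2 master secret is always 48 bytes (96 hex characters).
        if label == "CLIENT_RANDOM" and len(secret) != 96:
            bad.append(n)
            continue
        sessions.setdefault(client_random.lower(), set()).add(label)
    return sessions, bad


def status(labels):
    """Classify one session by the secrets that were logged for it."""
    if "CLIENT_RANDOM" in labels:
        return "tls12-complete"   # master secret present
    if TLS13 <= labels:
        return "tls13-complete"   # handshake and application secrets, both sides
    return "incomplete"           # some records of this session stay encrypted


if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    for client_random, labels in sessions.items():
        print(client_random[:16], status(labels))
    print("rejected lines:", bad)
```

The key log file holds live session secrets, so keep it readable only by the capturing user and delete it once the analysis is done.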
Is it possible to have Wireshark decrypt SSL/TLS traffic?