Capturing Pre-Master Secret (Symmetric key) using ssldump utility
Hello all,
I have been testing the ssldump utility to try and decrypt TLS traffic on the server-side, but I cannot get the ssldump utility to capture the RSA Session Keys and output them to a .pms file as per https://support.f5.com/csp/article/K10209.
I can successfully capture the PMS when I perform the same function on the Client-side (where the F5 is the Server) but not on the Server-side (where the F5 is the Client).
I can capture the PMS using an iRule on the Server-side and then use this to decrypt the server-side TLS but I want to be able to do this without an iRule as per the SOL doc.
I have tuned the Server-side SSL Profile to not use existing TLS sessions to ensure a new Session Key is negotiated each time, and I also use an Incognito browser to make double sure this is the case. I have also forced the ServerSSL Profile to use only non-ECDHE ciphers as I know ssldump cannot decrypt these.
The ssldump utility runs without error, but the PMS file is always blank for server-side sessions.
I am starting to think this may be a limitation of the ssldump utility, i.e. not able to derive the symmetric key when the F5 is the Client!
Any help would be greatly appreciated.
Cheers,
David
tcpdump to capture the server-side traffic
tcpdump -i vlan_100_internal -vvv -nnn host 10.0.100.9 and host 10.0.100.41 -s0 -w /var/tmp/server_ssl_3.cap (where .9 is F5 SNAT and .41 is WebServer)
ssldump referencing the tcpdump
ssldump -r /var/tmp/server_ssl_3.cap -k /config/filestore/files_d/Common_d/certificate_key_d/\:Common:my_serversidessl.key_80077_1 -M /var/tmp/server_ssl_3.pms
- Dario_Garrido
Noctilucent
Hello.
Have you checked that the cipher suite selected in the server hello message uses an RSA exchange?
cipherSuite TLS_RSA_WITH_...
Remember this:
"Depending on the cipher negotiated, the ssldump utility may not be able to derive enough information from the SSL handshake and the server’s private key to decrypt the application data. Examples of such SSL ciphers would be the Diffie-Hellman Ephemeral (DHE) cipher suites and export-grade RSA cipher suites"
REF - https://support.f5.com/csp/article/K10209
BTW, in my case I don't use ssldump to get the PMS anymore. I use this now -> https://support.f5.com/csp/article/K12783074
KR,
Dario.
- canttalkeating
Altocumulus
Hi Dario,
Thanks for the reply.
I had forced the Server-side connection to use a cipher that ssldump can understand:
BIG-IP to Web Server
New TCP connection #1: 10.0.100.9(34913) <-> 10.0.100.41(443)
1 1 0.0010 (0.0010) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
Web Server to BIG-IP
1 2 0.0021 (0.0010) S>C Handshake
ServerHello
Version 3.3
session_id[32]=
de a8 c1 05 4f 25 f0 fc 5d ee 9c b1 d1 8c 20 63
4e 97 3a c7 f4 5d 4a 91 f0 db 4b 57 57 65 d2 e6
cipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
compressionMethod NULL
extensions
renegotiation_info
In production I also use the iRule to gather the RSA Session ID too, which works fine on the server-side. I just wanted to know, if applying an iRule wasn't an option, whether this could be done with the SSLDump Utility.
Cheers,
David
- Dario_Garrido
Noctilucent
Hello.
Could you check if your ServerKeyExchange message has a "not negotiated" value?
BTW, I recommend this link for some interesting tips about ssldump.
REF - https://packetpushers.net/using-ssldump-decode-ssltls-packets/
KR,
Dario.
- canttalkeating
Altocumulus
Hi Dario,
There isn't a ServerKeyExchange in this flow, only a ClientKeyExchange. The only time a ServerKeyExchange would be sent from the back-end server would be if we were using Diffie-Hellman ciphers, which allows the Client instigating the connection to obtain more information from the Server in order to derive a PreMaster Secret (symmetric key).
Thanks for the link, I'll give it a good read over.
Cheers,
David
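Added example, not part of the thread or of F5's tooling: a small Python check that automates the question raised above, reading ssldump text output and reporting per connection the suite chosen in the ServerHello and whether a ServerKeyExchange was sent. The sample output is constructed (connection 1 mirrors the handshake posted above, connection 2 is invented), and the function names and the `kx`/`ske` keys are this example's own.

```python
import re

# ssldump record header: "<conn> <rec> <time> (<delta>) C>S Handshake"
RECORD = re.compile(r"^(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+\S+")
NEW_CONN = re.compile(r"^New TCP connection #(\d+): \S+ <-> (\S+)")
SUITE = re.compile(r"^cipherSuite\s+(\S+)")

def key_exchange(suite):
    """Classify a negotiated suite using the categories in the K10209 quote."""
    if suite.startswith("TLS_RSA_EXPORT_"):
        return "rsa-export"   # export-grade RSA
    if suite.startswith("TLS_RSA_WITH_"):
        return "rsa"          # plain RSA key exchange
    return "other"            # DHE, ECDHE and everything else

def audit(ssldump_text):
    """Map each connection id to its ServerHello suite and handshake flags."""
    conns, cur = {}, (None, None)
    for raw in ssldump_text.splitlines():
        line = raw.strip()
        if m := NEW_CONN.match(line):
            conns[m[1]] = {"server": m[2], "suite": None, "kx": "unknown", "ske": False}
        elif m := RECORD.match(line):
            cur = (m[1], m[2])                     # (connection id, direction)
        elif cur[0] in conns and cur[1] == "S>C":  # server-sent messages only
            if m := SUITE.match(line):
                conns[cur[0]].update(suite=m[1], kx=key_exchange(m[1]))
            elif line == "ServerKeyExchange":
                conns[cur[0]]["ske"] = True        # ServerKeyExchange seen
    return conns

# Constructed sample: #1 mirrors the thread's handshake, #2 is invented.
SAMPLE = """\
New TCP connection #1: 10.0.100.9(34913) <-> 10.0.100.41(443)
1 1  0.0010 (0.0010)  C>S  Handshake
      ClientHello
        TLS_RSA_WITH_AES_128_GCM_SHA256
1 2  0.0021 (0.0010)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_RSA_WITH_AES_128_GCM_SHA256
New TCP connection #2: 192.0.2.10(40000) <-> 192.0.2.20(443)
2 1  0.0020 (0.0020)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      ServerKeyExchange
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only lines under an `S>C` record are inspected, so the suites a client merely offers in its ClientHello are never mistaken for the negotiated one.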