Forum Discussion
Sep 08, 2019
Hello.
Have you checked that the server hello message ciphersuite has selected with a RSA exchange?
cipherSuite TLS_RSA_WITH_...
Remember this:
"Depending on the cipher negotiated, the ssldump utility may not be able to derive enough information from the SSL handshake and the server’s private key to decrypt the application data. Examples of such SSL ciphers would be the Diffie-Hellman Ephemeral (DHE) cipher suites and export-grade RSA cipher suites"
REF - https://support.f5.com/csp/article/K10209
BTW, In my case I don't use ssldump to get the pms anymore. I use this now -> https://support.f5.com/csp/article/K12783074
KR,
Dario.