Forum Discussion

mikegray_198028

Icon for Cirrus rank

Cirrus

May 26, 2017

Decrypt TLSv2

Is there any option to decrypt TLSV2 traffic, using ssl dump or using key?

application delivery

Anthony_Graber
Employee
May 31, 2017
Do you mean TLS1.2? What are you trying to do?

https://support.f5.com/csp/article/K10209

Icon for Noctilucent rank

Noctilucent

Yes you can decrypt the data by specifying the path, Use SSLDUMP command,

ssldump -Aed -nr /var/tmp/yourpacketcapture.cap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.site.com.key_1

dragonflymr
Cirrostratus
May 31, 2017
Hi,

Possibility to decrypt traffic depends on ciphers used. If RSA key exchange is used it should be possible to decrypt, if DH is used or any other Forward Secrecy or Perfect Forward Secrecy cipher suites then it is not possible.

It is not possible as well to decrypt resumed session. Capture must contain full SSL Handshake.

Piotr

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming