Forum Discussion
Decrypting SSL traffic - PMS and egress
You must use tshark NOT wireshark to Automate Pre Master Secret File Creation.
This solution and the solution from CA_Valli do NOT work for TLS 1.3.
To also capture backend traffic, you must use the "-i 0.0:nnnp" option for tcpdump.
But it is also possible to decrypt TLS 1.3; you must extract the following fields from the dump:
- CLIENT_EARLY_TRAFFIC_SECRET
- CLIENT_HANDSHAKE_TRAFFIC_SECRET
- SERVER_HANDSHAKE_TRAFFIC_SECRET
- CLIENT_TRAFFIC_SECRET_0
- SERVER_TRAFFIC_SECRET_0
In my tests tshark fails to dump this correctly. My old plan is to create a GitHub repo to upload my script that extracts all pre master secrets for all TLS versions.
- David_Larsen, Jul 20, 2022 (Employee)
You can decrypt TLS 1.3 with the iRule method, but you have to use the correct iRule, as here: https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab12.html#decrypt-ssl-with-irule
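Added example (not part of the original posts and not F5's code): a check that a key log file in the NSS key log format, which Wireshark and tshark read, holds the TLS 1.3 secrets listed in the first post for every session before it is used for decryption. The name `audit_keylog` and all sample values are constructed for illustration; the file is assumed to contain only CLIENT_RANDOM and TLS 1.3 label lines.

```python
import re
from collections import defaultdict

# Secrets needed to decrypt both directions of a TLS 1.3 session. The post also
# lists CLIENT_EARLY_TRAFFIC_SECRET, which only exists when 0-RTT data is sent.
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# Key log line: <label> <client_random, 32 bytes as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(text):
    """Return ({client_random: [missing labels]}, [malformed line numbers])."""
    seen, bad = defaultdict(set), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        # CLIENT_RANDOM carries the 48-byte master secret (TLS 1.2 and earlier).
        # TLS 1.3 secrets are one hash output long: 32 (SHA-256) or 48 (SHA-384).
        ok_len = (96,) if m and m.group(1) == "CLIENT_RANDOM" else (64, 96)
        if not m or len(m.group(3)) not in ok_len:
            bad.append(lineno)
            continue
        seen[m.group(2).lower()].add(m.group(1))
    report = {}
    for cr, labels in seen.items():
        # A CLIENT_RANDOM line alone is enough for a pre-1.3 session.
        report[cr] = [] if "CLIENT_RANDOM" in labels else sorted(TLS13_REQUIRED - labels)
    return report, bad

# Constructed sample: repeated bytes, not real key material.
CR1, CR2, CR3 = "a1" * 32, "b2" * 32, "c3" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR1} {'11' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {CR1} {'22' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {CR1} {'33' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {CR1} {'44' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {CR2} {'55' * 48}",   # handshake secrets missing
    f"SERVER_TRAFFIC_SECRET_0 {CR2} {'66' * 48}",
    f"CLIENT_RANDOM {CR3} {'77' * 48}",              # TLS 1.2 style entry
    f"SERVER_TRAFFIC_SECRET_0 {CR3[:60]} {'88' * 32}",  # truncated client random
])

if __name__ == "__main__":
    report, bad = audit_keylog(SAMPLE)
    for cr, missing in report.items():
        print(cr[:8], "complete" if not missing else "missing " + ", ".join(missing))
    print("malformed lines:", bad)
```

A session reported with missing handshake secrets will still show an undecrypted handshake in the capture even when its application traffic secrets are present.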