Piotr_Lewandows
May 19, 2017 - Altostratus
Resumed SSL session and decryption
Hi,
I tried to figure out if there is a way to decrypt a resumed SSL session in Wireshark if the first session with the full SSL handshake (including pre-master key exchange) is not captured.
Seems t...
Kevin_K_51432
Historic F5 Account
Hi Piotr,
Very good question. I've always been under the impression the pre-master secret is the 'key' to deriving the master as well. However, in looking at the way the master is generated, it seems the randoms from original client and server hellos are required as well:
master_secret = PRF(pre_master_secret, "master secret",
                    ClientHello.random + ServerHello.random)
https://tools.ietf.org/html/rfc5246#section-8.1
Would be interesting to hear some additional thoughts.
Kevin
Kevin_K_51432
May 19, 2017 - Historic F5 Account
Based on what I'm seeing in RFC5246, this would be a more complete statement:
generated by both sides using shared pre-master secret and the client_random and server_random headers exchanged during the initial SSL handshake.