Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusResumed SSL session and decryption
Hi,
I tried to figure out if there is a way to decrypt resumed SSL session in Wireshark if first session with full SSL handshake (including pre-master key exchange) is not captured.
Seems t...
Hi Piotr,
Very good question. I've always been under the impression the pre-master secret is the 'key' to deriving the master as well. However, in looking at the way the master is generated, it seems the randoms from original client and server hellos are required as well:
master_secret = PRF(pre_master_secret, "master secret",
ClientHello.random + ServerHello.random)
https://tools.ietf.org/html/rfc5246section-8.1
Would be interesting to hear some additional thoughts.
Kevin
Below stating "session's master_secret" seem to indicate new randoms are associated with an existing master_secret:
When a connection is established by resuming a session, new ClientHello.random and ServerHello.random values are hashed with the session's master_secret.
https://tools.ietf.org/html/rfc5246appendix-F.1.4
But the question remains (for me); does Wireshark need the randoms from the initial, full handshake?