Forum Discussion
smp_86112
Cirrostratus
CirrostratusSSL Decryption with Wireshark - Cached Certificate?
I know it is possible to decrypt an HTTPS conversation between a client and a virtual server with Wireshark - I've done it before by specifying a couple of parameters in the SSL protocol preferences (...
smp_86112Cirrostratus
CirrostratusThat's what I thought too, but had some difficulty. However my methodology must have been incorrect somewhere, because I just tried it again and it worked. I captured an SSL session with tcpdump, configured Wireshark with the private key, and validated unsuccessful decryption with the error I have already noted. Then I changed the Cache Size value in the Client SSL Profile that is applied to the VS from the default (20000) to zero, and did another capture. This time Wireshark was was able to successfully decrypt.
Thanks for confirming my understanding hoolio. This is a great tip if you need to decrypt in a pinch without having access to the client.
