For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Jul 01, 2010

SSL Decryption with Wireshark - Cached Certificate?

I know it is possible to decrypt an HTTPS conversation between a client and a virtual server with Wireshark - I've done it before by specifying a couple of parameters in the SSL protocol preferences (...
management
monitoring
smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Jul 19, 2010

That's what I thought too, but had some difficulty. However my methodology must have been incorrect somewhere, because I just tried it again and it worked. I captured an SSL session with tcpdump, configured Wireshark with the private key, and validated unsuccessful decryption with the error I have already noted. Then I changed the Cache Size value in the Client SSL Profile that is applied to the VS from the default (20000) to zero, and did another capture. This time Wireshark was was able to successfully decrypt.

 

 

Thanks for confirming my understanding hoolio. This is a great tip if you need to decrypt in a pinch without having access to the client.