Forum Discussion

Cirrostratus

Jul 01, 2010

SSL Decryption with Wireshark - Cached Certificate?

I know it is possible to decrypt an HTTPS conversation between a client and a virtual server with Wireshark - I've done it before by specifying a couple of parameters in the SSL protocol preferences (...

management

monitoring

smp_86112

Cirrostratus

Jul 19, 2010

That's what I thought too, but had some difficulty. However my methodology must have been incorrect somewhere, because I just tried it again and it worked. I captured an SSL session with tcpdump, configured Wireshark with the private key, and validated unsuccessful decryption with the error I have already noted. Then I changed the Cache Size value in the Client SSL Profile that is applied to the VS from the default (20000) to zero, and did another capture. This time Wireshark was was able to successfully decrypt.

Thanks for confirming my understanding hoolio. This is a great tip if you need to decrypt in a pinch without having access to the client.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL Decryption with Wireshark - Cached Certificate?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Terraform LTM provider - ICMP disabled on resulting VIPs

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Understanding IPSec IKEv1 negotiation on Wireshark

Understanding IPSec IKEv2 negotiation on Wireshark

Automating Certificate Management on F5 BIG-IP

Decrypting TLS traffic on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS