Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Mar 09, 2018

SSLDUMP "OpenSSL: decryption enabled." meaning..

I was playing with SSLDUMP in our lab-F5. I tried the Below command to capture some SSL Traffic. "SSLDUMP -r /path/xxx.pcap -i (interface) -dn host x.x.x.x". As a Result I got below message, "...

application delivery

Icon for Cirrus rank

Cirrus

Apr 19, 2018

I've found it much more useful to do a tcpdump first, then read the pcap file with ssldump. It also gives you more flexibility to analyze the dump with Wireshark as well as convert it through ssldump.

tcpdump -vvnni 0.0:nnnp -s0 host ip_address -w /shared/tmp/file.pcap

This command captures end-to-end packets that can be traced using the F5 plugin for Wireshark.

This is also included in a script I published today.

Finally (If you have access to the key):

ssldump -Aednr /var/tmp/file.pcap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:file.key__ > /shared/tmp/file.txt

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming