For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rafaelbn_176840's avatar
rafaelbn_176840
Icon for Altocumulus rankAltocumulus
Jan 27, 2019

Troubleshooting PFS - BIG-IP Feature Request?

Hello all!   Ever since I heard of PFS I started dreading the day I would need to troubleshoot a PFS flow.   I read some interesting suggestions of how to deal with it. One could make SSL bridg...
application delivery
BIG-IP
LTM
DennisJann's avatar
DennisJann
Icon for Nimbostratus rankNimbostratus
Jan 31, 2019

You can capture the SSL session keys with an iRule while running tcpdump on the BIG-IP, and then use the Master Secret log file to view the decrypted tcpdump data in Wireshark.

 

K16700: Decrypting SSL traffic using the SSL::sessionsecret iRules command

 

The instructions in the KB article do work for decrypting PFS sessions.

 

If your HTTPS VIP is running on a non-standard port, you would need to go into Wireshark preferences and add the non-standard HTTPS port in Protocols > HTTP > SSL/TLS Ports.