Forum Discussion

Nimbostratus

Jun 20, 2016

unable to decrypt SSL traffic using private key

Hello Experts, I have a simple F5 LTM lab using Virtual Edition Lab License (F5-BIG-VE-LAB-LIC). Diagram: Client<--->F5<--->Server. Setup: SSL offload on the LTM. SSL access is workin...

application delivery

LTM

Kevin_Stewart

Employee

Jun 20, 2016

If that's the cipher string in the SERVERHELLO message, then you are indeed doing an RSA key exchange. So then I guess the next question is how are you doing the SSLDUMP? You have to start capturing at the beginning of a new SSL session, as a resumption or renegotiation will be encrypted with keys that you won't have. Try this:

ssldump -AdNn -i [VLAN or interface] -k [path to private key] port 443 [and any additional filters]

Does the private key require a passphrase? Do you get an error when you try to capture, or just not see any plaintext?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

unable to decrypt SSL traffic using private key

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Decrypting TLS traffic on BIG-IP

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

decrypted tcpdump capture without using an iRule and without using tshark

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS