Decrypting TLS with the tcpdump sslprovider
I will share my script to decrypt TLS on the F5 v15+. You do not need to change any TLS or cipher settings, have access to private keys or add special iRules. It should work out of the box with all TLS versions.
It uses the information that the tcpdump sslprovider from F5 writes into the dump.
The script itself and the usage are documented in the GitHub repository.
https://github.com/JuergenMang/f5-tls-decrypt
Feel free to propose enhancements to the documentation or script itself.
Thanks for the contribution to the community Juergen_Mang!
Today I updated my repository. The startdump.sh now integrates the editcap call and creates an unencrypted tcpdump file that you can simply open with Wireshark.
https://github.com/JuergenMang/f5-tls-decrypt
This was tested with F5 version 17 only.