Decrypting TLS with the tcpdump sslprovider

I will share my script to decrypt TLS on the F5 v15+. You do not need to change any TLS oder cipher settings, have access to private keys or add special iRules. It should work out of the box with all TLS versions.

It uses the information that the tcpdump sslprovider from F5 writes into the dump.

The script itself and the usage is documented in the GitHub repository.

https://github.com/JuergenMang/f5-tls-decrypt

Feel free to propose enhancements to the documentation or script itself.

Published Jul 20, 2022

Version 1.0

application delivery

Juergen_Mang

MVP

Joined July 03, 2020

View Profile

2 Comments

LiefZimmerman
Admin
Jul 20, 2022
Thanks for the contribution to the community Juergen_Mang!
Juergen_Mang
MVP
Jan 16, 2025
Today I updated my repository. The startdump.sh integrates now the editcap call and creates an unencrypted tcpdump file that you can simply open with Wireshark.

https://github.com/JuergenMang/f5-tls-decrypt

This was tested with F5 version 17 only.

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Decrypting TLS with the tcpdump sslprovider

2 Comments

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS