On a Linux server one can use "openssl s_server" in order to obtain the keys. I used the command
# openssl s_server -port 443 -cert <path to cert.pem> -key <path to privkey.pem> -CAfile <path to chain.pem> -keylogfile <path to keylog file>
The values in < ...> have to be replaced by your settings. The schedule for decrypting TLS traffic is:
- start the openssl s_server by the command above
- start capturing with Wireshark
- establish TLS connection to the openssl server (e.g. send https message)
- stop capturing
- in Wireshark: "Edit -> Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename" select the keylog file from 1.
Then the messages are decrypted by Wireshark.
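
If Wireshark still shows only encrypted records, the key log file written by `-keylogfile` is the first thing to check. The following is an added example, not part of the original answer: a small Python checker for the NSS key log format that reports malformed lines and tells which sessions (identified by client random) have enough secrets logged. The function names and the sample data are constructed for illustration.

```python
import re

# Line labels of the NSS key log format; the legacy "RSA" line type is not handled here.
TLS12 = {"CLIENT_RANDOM"}
TLS13 = {"CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET"}
# TLS 1.3 secrets covering handshake and application data in both directions.
NEEDED13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
            "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_keylog(text):
    """Return ({client_random: set(labels)}, [(line_number, problem)])."""
    sessions, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3:
            problems.append((n, "expected 3 fields"))
        elif parts[0] not in TLS12 | TLS13:
            problems.append((n, "unknown label " + parts[0]))
        elif len(parts[1]) != 64 or not HEX.match(parts[1]):
            problems.append((n, "client random is not 32 hex-encoded bytes"))
        elif (len(parts[2]) not in ((96,) if parts[0] in TLS12 else (64, 96))
              or not HEX.match(parts[2])):
            problems.append((n, "secret has unexpected length or encoding"))
        else:
            sessions.setdefault(parts[1].lower(), set()).add(parts[0])
    return sessions, problems

def decryptable(sessions):
    """True per client random if a TLS 1.2 master secret or all NEEDED13 secrets are logged."""
    return {r: "CLIENT_RANDOM" in labels or NEEDED13 <= labels
            for r, labels in sessions.items()}

# Constructed sample, not real key material.
R12, R13 = "11" * 32, "22" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_RANDOM {R12} {'ab' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R13} {'cd' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R13} {'cd' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R13} {'cd' * 32}",
    f"CLIENT_RANDOM {R12[:40]} {'ab' * 48}",  # truncated client random
])

if __name__ == "__main__":
    sessions, problems = parse_keylog(SAMPLE)
    print(decryptable(sessions), problems)
```

The key log file holds the session secrets for every connection the server handled, so store it with the same care as the private key and delete it once the analysis is done.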