On Wed, Oct 29, 2008 at 01:29:28PM -0600, Stephen Fisher wrote:
> On Wed, Oct 29, 2008 at 01:34:12PM -0400, loki74 wrote:
>
> > We are having trouble getting SSL decryption to work fully on the
> > Windows Platform.
> > Currently, we are capturing all data on an individual web server, that
> > server then opens an SSL connection to another server. We have the
> > keys for both servers, Wireshark seems to be able to only decrypt data
> > that terminates at the server where we capture. I see the client
> > Hello, etc from the originating server to the new destination
> > server; however the decryption fails. Is there a reason for this?
>
> How are the keys listed in the SSL preferences?

To be able to decrypt SSL traffic you need the following:

- The private key corresponding to the server certificate needs
  to load into Wireshark successfully (check the ssl debug file)
- The full SSL negotiation needs to be in the tracefile, i.e. if you
  see "ClientHello, ServerHello, ChangeCipherSpec", then the SSL
  session was reused.
- A non-DH cipher needs to be chosen by the server (see the ServerHello
  message for the chosen cipher).

Do any of these requirements fail for the server-to-server connection?

Hope this helps,
Cheers,
Sake
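
The second and third requirements in the list above can be checked from the cleartext part of the handshake. The following Python is an added example, not part of the original message and not Wireshark code: it walks the TLS records up to the first ChangeCipherSpec and reports why the server's RSA key would not decrypt the session. The byte strings, helper names and the short cipher suite table are constructed for illustration, and it assumes both directions are concatenated in capture order with each handshake message inside one record.

```python
import struct

# Subset of IANA cipher suite ids; extend it for the suites in your own captures.
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}
CLIENT_HELLO, SERVER_HELLO, CLIENT_KEY_EXCHANGE = 1, 2, 16

def parse_handshake(stream):
    """Return (cleartext handshake message types, cipher suite id from ServerHello)."""
    seen, suite, pos = [], None, 0
    while pos + 5 <= len(stream):
        ctype, _version, rlen = struct.unpack_from("!BHH", stream, pos)
        record, pos = stream[pos + 5:pos + 5 + rlen], pos + 5 + rlen
        if ctype == 20:  # ChangeCipherSpec: handshake records after it are encrypted
            break
        off = 0
        while ctype == 22 and off + 4 <= len(record):  # 22 = handshake record
            mtype, mlen = record[off], int.from_bytes(record[off + 1:off + 4], "big")
            body, off = record[off + 4:off + 4 + mlen], off + 4 + mlen
            seen.append(mtype)
            if mtype == SERVER_HELLO and len(body) > 34:
                sid_len = body[34]  # session id length follows version(2) + random(32)
                if len(body) >= 37 + sid_len:
                    suite = int.from_bytes(body[35 + sid_len:37 + sid_len], "big")
    return seen, suite

def decryption_blockers(stream):
    """Reasons the server's RSA private key alone would not decrypt this session."""
    seen, suite = parse_handshake(stream)
    problems = []
    if CLIENT_HELLO not in seen or SERVER_HELLO not in seen:
        problems.append("start of handshake not in capture")
    elif CLIENT_KEY_EXCHANGE not in seen:
        problems.append("session reused: no ClientKeyExchange before ChangeCipherSpec")
    if suite is not None and suite not in SUITES:
        problems.append("cipher suite 0x%04X not in local table" % suite)
    elif suite is not None and not SUITES[suite].startswith("TLS_RSA_"):
        problems.append("DH key exchange chosen: " + SUITES[suite])
    return problems

# Constructed sample data (not a real capture); unread message bodies are left empty.
def hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def server_hello(suite, session_id=b""):
    return hs(2, b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
              + suite.to_bytes(2, "big") + b"\x00")
RESUMED = rec(22, hs(1)) + rec(22, server_hello(0x002F, b"\xaa" * 32)) + rec(20, b"\x01")
```

An empty list from `decryption_blockers` only means these two requirements are met; whether the private key loaded still has to be confirmed in the ssl debug file.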