Wireshark-users: Re: [Wireshark-users] export the private key on Windows?
From: "Mark Roggenkamp" <[email protected]>
Date: Mon, 9 Apr 2007 14:13:42 -0400
Ah, yes. Thanks for the correction.

Something I read previously made me think some of the ciphersuites (perhaps the DH suites? - this is also where I was thinking client auth for some reason) required the server to send part of the keying material to the client (via the client's pub key), which would require the private key of the client to decode. I've never run into client auth or DH suites so they're a bit fuzzy to me; guess I'm making up things to fill in the blanks. :-)


On 4/9/07, Sake Blok <[email protected]> wrote:
On Mon, Apr 09, 2007 at 01:00:32PM -0400, Mark Roggenkamp wrote:
> Also, if the https session isn't using client auth then you probably only
> need the private key of the WebSeal host.

Even if the https-connection IS using a client-certificate, the private
key of the client-certificate is only used for authentication and is not
taking part in the encryption of the session. Only the private key of
the server-certificate is used to generate the session-keys :)


Wireshark-users mailing list
[email protected]