Wireshark-users: Re: [Wireshark-users] how to decrypt TLSv1 traffic
From: "Nik Kolev" <[email protected]>
Date: Tue, 10 Jun 2008 12:39:37 -0400
> On Mon, Jun 09, 2008 at 04:23:49PM -0400, Nik Kolev wrote:
> >
> > I saw a blog post somewhere discussing that you can "pass" the path
> > the file which stores the negotiated encryption key to wireshark and
> > (given that wireshark has been linked against a given library) get
> > encrypted payload decrypted. I don't know if this applies to my
> > (not sure whether IE writes the key to the file system,...)...
> With most ciphers (including the one that was chosen in the
> displayed server-hello), wireshark can do the decryption when it
> you supply the private key of the server (see the ssl protocol
> preferences).

[Nik Kolev] Aaaaaaa, I misread the post - thought that you can supply
the negotiated for the particular session key. But private key would
work as well - assuming the IT police at my company will hand it to
Thanks for clarifying things,