
I searched Google for a tool to decode HTTPS traffic and found ssldump, with examples like:

ssldump -k xxx.pem  -i eth0 -d host example.com

I wonder what the key file xxx.pem is. On the server hosting example.com, is the file the one specified by SSLCertificateKeyFile in httpd.conf? (But I have had no luck decrypting the traffic on the server using that key file.) On the client side, what file should I use as the key file? If I want to decrypt the traffic between my machine and https://google.com, I certainly cannot get the private key for google.com. And I don't think a client uses a private key file to encrypt/decrypt the data in HTTPS.

Romeo Ninov
peter
  • Make sure that the key file contains only the private key. Make sure that the captured file contains the SSL handshake as well. – kofemann Nov 15 '22 at 17:53
  • @kofemann The key file is issued by letsencrypt. All content is contained within -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----. From the ServerHello message, I can see the cipherSuite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Does ssldump support that cipherSuite? – peter Nov 18 '22 at 14:51

0 Answers
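The key-exchange question raised by the last comment, as an added example that is not part of the original thread: a small Python parser (function names and the sample ServerHello records are constructed for this example) that reads the negotiated cipher suite out of a TLS ServerHello record and reports whether the server's private key alone can decrypt a passive capture of that session. With static RSA key exchange (TLS_RSA_WITH_...) the client encrypts the pre-master secret to the server's public key, so the SSLCertificateKeyFile private key does decrypt the traffic. With (EC)DHE suites such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and with every TLS 1.3 suite, the private key only signs the handshake and the session secrets are ephemeral, so a capture plus the key file is not enough; recovering those sessions needs the session secrets themselves (for example an NSS-format key log written via SSLKEYLOGFILE by a client under your control).

```python
import struct

# Excerpt of the IANA cipher suite registry (constructed subset for this example).
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

HANDSHAKE = 0x16      # TLS record content type
SERVER_HELLO = 0x02   # handshake message type


def key_exchange_kind(suite_name: str) -> str:
    """Classify the key exchange a cipher suite name implies."""
    if suite_name.startswith("UNKNOWN"):
        return "unknown"
    # TLS 1.3 suites name only the AEAD and hash; key exchange is always (EC)DHE.
    if suite_name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "ephemeral"
    kx = suite_name[len("TLS_"):].split("_WITH_")[0]   # e.g. "ECDHE_RSA" or "RSA"
    if "DHE" in kx:
        return "ephemeral"      # DHE_* / ECDHE_*: forward secrecy, key only signs
    if kx == "RSA":
        return "static-rsa"     # client encrypts pre-master secret to the server key
    return "other"              # PSK, SRP, anonymous DH, ... not handled here


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; return version and cipher suite."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record (type 0x%02x)" % ctype)
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    if msg_type != SERVER_HELLO:
        raise ValueError("not a ServerHello (type 0x%02x)" % msg_type)
    hs = body[4:4 + msg_len]
    if len(hs) != msg_len or msg_len < 35:
        raise ValueError("truncated ServerHello")
    # ServerHello body: version(2) random(32) session_id_len(1) session_id
    #                   cipher_suite(2) compression_method(1) [extensions]
    version = struct.unpack("!H", hs[:2])[0]
    sid_len = hs[34]
    off = 35 + sid_len
    if len(hs) < off + 3:
        raise ValueError("truncated ServerHello after session_id")
    suite_id = struct.unpack("!H", hs[off:off + 2])[0]
    return {
        "version": version,
        "suite_id": suite_id,
        "suite": CIPHER_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id),
    }


def server_key_decrypts(record: bytes) -> dict:
    """Report whether a passive capture plus the server's private key is decryptable."""
    info = parse_server_hello(record)
    kind = key_exchange_kind(info["suite"])
    info["key_exchange"] = kind
    info["server_key_decrypts"] = (kind == "static-rsa")
    return info


def build_server_hello(suite_id: int, version: int = 0x0303) -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample input for this example)."""
    random32 = bytes(range(32))   # constructed placeholder, not a real server random
    hello = (struct.pack("!H", version) + random32 + b"\x00"
             + struct.pack("!H", suite_id) + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, version, len(handshake)) + handshake


if __name__ == "__main__":
    for sid in (0x009C, 0xC02F, 0x1301):
        r = server_key_decrypts(build_server_hello(sid))
        print("%-42s key exchange=%-10s private key alone decrypts: %s"
              % (r["suite"], r["key_exchange"], r["server_key_decrypts"]))
```

Run against a real capture, the same check can be made by looking at the cipher suite in the ServerHello: if it names DHE or ECDHE, or the connection is TLS 1.3, the SSLCertificateKeyFile private key will not recover the application data, which matches the behaviour described in the question.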