0

I am having difficulty decrypting tls1.2 messages in wireshark I have forced the client(.106) and server(.197) to negotiate to

here

which I believe is decryptable by just the servers private key which I have placed here here

In fact the change cipher spec apears to be tls decrypted here

However application data which is what I believe I want (its a chat application with the tls being supplied by nginx) is not decrypted

here

I think I am either confused and TLS_RSA_WITH_AES_128_CBC_SHA is not able to be decrypted with just the key and I need to force another algorith or I have put the key in incorrectly, or perhaps there is another key exchanged? Thanks for any help! This is for a simple learning poc so I have full access to both client and server.

Daniel HOuston
  • 1
  • 3
  • 3
    This isn't programming and I doubt it's development, but: ChangeCipherSpec is not encrypted to start with so it never needs to be decrypted. You appear to have several connections going on simultaneously which makes it hard to distinguish what is what, but the connection whose handshake is #7908,7909,7913 is using session resumption i.e. its master secret is reused from a _previous_ connection (for <=1.2), so if wireshark didn't see and decrypt that previous connection it can't decrypt this one. – dave_thompson_085 Jul 13 '23 at 18:03

0 Answers0