You will find logfile.log contains a series of lines along the lines of CLIENT_RANDOM - you can find these documented here. To do this run: $ export SSLKEYLOGFILE=/path/to/logfile.log If you have access to the client side making the connections and the browser is Firefox (or, I believe, based on NSS), you can dump ephemeral keys established for any site. In that case, you will need either the negotiated "master secret", or to use the server private key to actively intercept the connection (in a Man-in-the-Middle setup). There is an important parameter to mind: decryption of a passively recorded session (with a copy of the server private key) works only if the key exchange was of type RSA or static DH with "DHE" and "ECDHE" cipher suites, you won't be able to decrypt such a session, even with knowledge of the server private key. You may have better chance with Wireshark, which has ample documentation on how to use it to decrypt recorded sessions. OpenSSL is a library that implements the protocol, but is not meant for analysing a recorded session.
TLS 1.1 was published in 2006, and TLS 1.2 in 2008.
Ssldump is supposed to be able to do that, but it appears to be unmaintained (in the source archive of the latest version, the date of last modification of all files are in 2002 or before) so it is quite possible that it won't support newer SSL/TLS actually, it is highly implausible that a software from 2002 could process the new encryption formats defined in TLS 1.2 (AES/GCM).
0 kommentar(er)
