Applying SSL decryption to packets
You can apply a particular key set to decrypt SSL encrypted packets in a capture window. There are four pieces of information that are needed to decrypt SSL encrypted packets:
• The IP address of the server
• The port being used for SSL data
• The file path to a PEM file (*.pem) that contains the server’s SSL private key
• The password to decrypt the private key if it is encrypted
NOTE: Ciphersuites that use ‘Diffie Hellman’ or ‘Ephemereal Diffie Hellman’ are not currently supported.
To apply or edit SSL decryption in the packets tab:
1. Make sure the capture is stopped (for example, click from the capture window).
2. On the menu, click . The SSL Server Keys dialog appears.
3. Click or . The Add Server Key dialog appears.
4. Complete the dialog:
• Private key file: The file (*.pem) that contains the server’s SSL private key.
• Key password: The password (if needed) to decrypt the private key if it is encrypted.
• IP addresses which use this key: The IP address of the servers that use the key. Enter one or more IPv4 addresses, IPv6 addresses, or CIDR ranges separated by commas or new lines. Leave this field blank to match any IP address.
• Port which use this key: The port being used for SSL data. The default is port 443, which is the port commonly used for SSL decryption.
5. Click .
A copy of the capture window is made and each packet in the new capture window that matches the criteria specified goes through the SSL decryption process. If the SSL packet has encrypted data, the data is decrypted and the output is placed in the packet.
NOTE: If an encrypted packet is received before the packet processor has generated the decryption keys, the packet will not be decrypted.