haspic.blogg.se

Wireshark decrypt ssl premaster.txt











This is a follow-up post to Wireshark and MongoDB 3.6, in which I explained how I added support for MongoDB's OP_MSG and OP_COMPRESSED message formats to Wireshark. In the conclusion of that first article, I alluded to the complications with inspecting SSL traffic in Wireshark, which I hope to cover in this post.

It is common to enable SSL when talking to MongoDB, especially if the server communicates over a public network. When a connection is encrypted with SSL, it is impossible to dissect the MongoDB Wire Protocol data that is exchanged between client and server, unless a trick is employed to first decrypt that data.

Fortunately, Wireshark allows dissection and analysis of encrypted connections in two different ways. Firstly, you can configure Wireshark with the private keys used to encrypt the connection, and secondly, you can provide Wireshark with pre-master keys obtained from a client process that uses OpenSSL.

The first option, providing Wireshark with the private keys, is by far the easiest. You can go to Edit → Preferences → Protocols → SSL and add the private key to the RSA keys list.

When you start using Wireshark with SSL encryption, it is also wise to configure an SSL debug file in the same screen. I have set it here to /tmp/ssl-debug.txt.

Months ago, I had added my private key to the RSA keys list, but when I tried it now for this post, Wireshark failed to decrypt my SSL traffic to MongoDB. I was a little confused as it worked in the past.

Since I had my SSL debug file, at least I had some chance of figuring out why this no longer worked. After a quick look I noticed the following in the debug file:

    ssl_decrypt_pre_master_secret: (cipher suite 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
    and cannot be decrypted using a RSA private key file.

After some searching, I found out that if the session uses Diffie-Hellman for key exchange, Wireshark cannot use the RSA private key, and needs different information.
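Whether the RSA keys list can work at all for a session is visible in the ServerHello, which names the negotiated cipher suite. The following is an added example, not code from the original post or from Wireshark: the function names, the small cipher-suite table and the constructed ServerHello bytes are assumptions for illustration.

```python
import struct

# Subset of IANA TLS cipher suite IDs, enough for the demo (not exhaustive).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3: key exchange is always ephemeral
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack_from("!BHH", record)
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) < max(rlen, 4) or body[0] != 2:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: legacy_version(2) random(32) session_id_len(1) session_id suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello body")
    off = 35 + hello[34]
    return int.from_bytes(hello[off:off + 2], "big")

def rsa_key_can_decrypt(suite_id: int) -> bool:
    """True only for RSA key exchange, where the client encrypts the
    pre-master secret to the server's RSA key. With DHE/ECDHE the RSA key
    only signs the handshake, so the private key cannot recover the secret."""
    return SUITES[suite_id].startswith("TLS_RSA_WITH_")

def build_server_hello(suite_id: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ServerHello record."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite_id.to_bytes(2, "big") + b"\x00"  # null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for sid in (0xC030, 0x009D):
        suite = server_hello_suite(build_server_hello(sid, b"\xaa" * 32))
        how = "RSA keys list" if rsa_key_can_decrypt(suite) else "pre-master key log"
        print(f"0x{suite:04X} {SUITES[suite]}: decrypt via {how}")
```

Suites missing from the table raise `KeyError`; extend `SUITES` from the IANA registry before using this on real captures.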












