Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread Oren Shpigel
Hi, I generated a PCAP file with TLS session, and I have the matching private key used by my HTTPS server. The TLS session is not using DH for key exchange, so it should be possible to decrypt. I know OpenSSL can be used to connect to a socket to "actively" handle the TLS session, but is there a wa

RE: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread Dr. Matthias St. Pierre
Do you need to integrate the decryption into your own software, or are you just looking for a possibility to monitor and view the traffic? If it’s the latter, try and take a look at the SSL decryption support that Wireshark provides. https://wiki.wireshark.org/TLS https://www.comparitech.com/net

OpenSSL version 1.1.1i published

2020-12-08 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1i released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1i of our open sour

OpenSSL Security Advisory

2020-12-08 Thread OpenSSL
== URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Re: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread Oren Shpigel
Hi, thanks for the answer. I know wireshark and ssldump have this capability, but I'm looking for a way to do it in my own software in C++, (using OpenSSL, if possible, but open to other suggestions as well). On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre < matthias.st.pie...@ncp-e.com> w

Re: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread Matt Caswell
On 08/12/2020 15:28, Oren Shpigel wrote: > Hi, thanks for the answer. > > I know wireshark and ssldump have this capability, but I'm looking for a > way to do it in my own software in C++, (using OpenSSL, if possible, but > open to other suggestions as well). Unfortunately OpenSSL does not sup

Re: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread John Baldwin
On 12/8/20 7:46 AM, Matt Caswell wrote: > > > On 08/12/2020 15:28, Oren Shpigel wrote: >> Hi, thanks for the answer. >> >> I know wireshark and ssldump have this capability, but I'm looking for a >> way to do it in my own software in C++, (using OpenSSL, if possible, but >> open to other suggesti

DH_generate_key

2020-12-08 Thread Narayana, Sunil Kumar
Dear openssl team, While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has be deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init & EVP_PKEY_derive

RE: DH_generate_key

2020-12-08 Thread Sands, Daniel via openssl-users
Dear openssl team, While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has be deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init & EVP_PKEY_derive