Read this web page for a good summary on decrypting with wireshark. https://www.packetsafari.com/blog/2022/10/07/wireshark-decryption/ Basically, if the captured pcap file uses RSA handshake, you can decrypt it. If is uses ephemeral Diffie-Hellman, you can’t, you need to have also captured the ephemeral keys via a separate mechanism while the handshake is taking place. RSA is very uncommon these days as it’s considered less secure.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
