I have a web server that uses the ECDHE-RSA-AES256-GCM-SHA384 cipher suite. I noticed that when given the "(Pre)-master-secret log" file (generated by the browser), Wireshark is able to decrypt the traffic given the client random and master secret.
I was wondering how that is possible exactly? Or assuming that I have an encrypted HTTP response from the server, how would one decrypt the traffic given this information through the
openssl CLI command? I’m using the
LibreSSL version of
openssl, which supports encryption/decryption using
Example contents of the "Pre-master-secret" log file (generated by the browser):
CLIENT_RANDOM 8a16c5c231d0074f7d1652e66479d8ef90f3e4692c0ea12da51e342d8040c388 b5d95d11fca16b71cdf2a2999e445caff3b379795d18739b79cbae98edbe883e7a28a9ea13aac8902a143f43ab37cf0d