I have a web server that uses the ECDHE-RSA-AES256-GCM-SHA384 cipher suite. I noticed that when given the "(Pre)-master-secret log" file (generated by the browser), Wireshark is able to decrypt the traffic given the client random and master secret.
I was wondering how that is possible exactly? Or assuming that I have an encrypted HTTP response from the server, how would one decrypt the traffic given this information through the openssl
CLI command? I’m using the LibreSSL
version of openssl
, which supports encryption/decryption using aes-256-gcm
.
Example contents of the "Pre-master-secret" log file (generated by the browser):
CLIENT_RANDOM 8a16c5c231d0074f7d1652e66479d8ef90f3e4692c0ea12da51e342d8040c388 b5d95d11fca16b71cdf2a2999e445caff3b379795d18739b79cbae98edbe883e7a28a9ea13aac8902a143f43ab37cf0d