Kaian
commented
1 year ago Hi @Yannik !!
Yep, this is known since a long time ago (See https://github.com/irontec/sngrep/issues/59#issuecomment-141842865)
Only a couple of ciphers are supported (the ones we used in the past) and there are no plans to improve TLS capture code (it is closer to being dropped in the future), so this is a wontfix.
Regards!!
Decrypting TLS 1.3 is not possible using the TLS key file, since PFS is mandatory. Same issue applies when using DHE on earlier TLS versions or when ClientKeyExchange (Client Hello / Server Hello) are not captured.
The solution to this is using the pre-master secret captured either on the client or server side.
For more information see https://wiki.wireshark.org/TLS#tls-decryption