Kaian
commented
8 months ago Hi @Ry0dai !
sngrep only support a couple insecure cipthers (TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA and TLS_RSA_WITH_AES_256_GCM_SHA384), and needs to capture the initial TLS negotiation in order to decrypt the conversation. If you're using TLS v1.2 or greater with a DH or ECDH cipher, decrypting is impossible as these ciphers implement Perfect Forward Secrecy.
I have added a FAQ entry with this topic.
If your server is able to send HEP traffic, it's better to configure sngrep as local HEP listener than trying to decrypt TLS information from the wire configuring an insecure cipher in your server.
Regards!
Ry0dai
Hi everyone, Can someone confirm
sngrepsupport of webRTC WSS Sip capture ?Best wishes for this new year to all.
Rgds