KB: 1077
How to perform SSL/TLS DECRYPTION
Introduction
SSL/TLS is the secure mechanism that is used to perform communication between client and server. This technique share information using secure channel to transfer encrypted data between client and server such as personal or finanancial data.
For troubleshooting, we will require to decrypt the traffic to determine and analyse the root cause. This document provides brief explaintaion to different technique to decrypt of SSL/TLS traffic.
DECRYPTION METHODS
The below mentioned decryption techniques can be used to analyze SSL/TLS traffic.
- Using SSL Private Certificate
- Using SSLKEYLOGFILE
The recommended technique is SSLKEYLOGFILE.
SSL private certificate is the sensitive information that is used to encrypt or decrypt application traffic. This SSL private certificate should not be shared with untrusted user and have limited access.
DECRYPTION USING SSL PRIVATE CERTIFICATE
This technique is limited to specific SSL protocols i.e. TLS v1.2 or lower, and RSA based cipher suites.
The traffic can be decrypted only with same private certificate that used in the encryption.
The RSA based key exchanges allow the server’s private certificate to decrypt with the pre-master secret, that can be used to derive the session key. Further, the same SSL private certificate will have same session key for each communication between client and server. This allow RSA key exchanges to easily decrypt SSL traffic with the server's private certificate.
The RSA based SSL cipher suites can be decrypted by stolen private certificate. This stolen private certificate can also be used to decrypt past communication and should be avoided to use in the production environment.
To decrypt SSL/TLS traffic using the server’s private certificate, we have to enable RSA based cipher suites on the WAF or application server. The RSA based cipher suites will enforce in the communication and allow us to decrypt traffic.
Here are the general steps to enable weak ciphers for SSL/TLS decryption:
Application Server
- Access the application configuration
- Enable Weak Ciphers
- Save Changes
Haltdos WAF
- Go to application SSL configuration
- Change SSL Ciphers to CUSTOM.
- Select SSL protocol as TLSv1.2 or lower and RSA based ciphers
- Save Changes
RSA based SSL setting
Protocol: TLSv1.2
Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
The below information required to decrypt SSL traffic
- Packet Capture between client and server using tcpdump
- SSL private certificate
These changes should only be made in a controlled environment (e.g., for debugging or testing purposes), as weak ciphers introduce significant security risks.
DECRYPTION USING SSLKEYLOGFILE
For application with modern SSL protocols and cipher suites, this technique can be used for decryption. The modern protocol are using forward secracy to encrypt SSL information for each session. The technique support Diffie-Hellman key exchange.
Diffie-Hellman (DH) key exchange
Diffie-Hellman includes elliptic-curve variant (ECDHE), that is fundamentally different from other key exchange methods like RSA. The key reason is that DH does not rely on the server’s private certificate to establish the shared session key. The below factors allow each session indepedent using same SSL private certificate. Diffie-Hellman key exchanges are often used in combination with forward secrecy.
Ephemeral Keys: Diffie-Hellman generates unique, temporary session keys for each session. These keys are not tied to the server's long-term private certificate.
Session Key Independence: Even if the server’s private certificate is compromised, the keys used in previous sessions remain secure.
Forward Secrecy
Forward secrecy ensures that even if the server’s private certificate is compromised, previous sessions cannot be decrypted. Forward secrecy is critical in environments where long-term security is a concern, ensuring that sensitive data remains protected even in the event of a key compromise.
The below information required to decrypt SSL traffic
- Packet Capture between client and server using tcpdump
- SSLKEYLOG file
Why Diffie-Hellman Cannot Be Decrypted Using the Server’s Private Key?
The Diffie-Hellman (DH) key exchange protocol is designed to allow two parties to securely share a secret key over a public channel, without actually transmitting the key itself. The protocol relies on the mathematical properties of modular exponentiation and the difficulty of the discrete logarithm problem to ensure security.
The limitations of Diffie-Hellman key exchanges and the concept of Forward Secrecy, which impacts the ability to decrypt past sessions.