– Kamailio SIP Server –

Decoding of TLS Connections with Wireshark

Wireshark can decode SSL/TLS sessions when the following conditions are fulfilled:

the private key of the TLS server is known (maybe both keys are needed if mutual TLS (=client certificate) is used?).
the TLS connections does not use a Diffie-Hellman cipher
Wireshark captures the TLS session from the beginning (handshake)

Configure Wireshark to decode TLS:

Copy the server's private key to the PC running Wireshark. Configure Wireshark to use the key:

Edit → Preferences → Protocols → SSL → RSA Keys List: e.g.: ip.address.of.server,5061,sip,c:\key.pem

If the server uses Diffie-Hellman (DH) Ciphers by default (depends on how openSSL was built) you should configure the server to use other ciphers. See
- http://www.kamailio.org/docs/modules/3.0.x/modules/tls.html#cipher_list and
- http://www.openssl.org/docs/apps/ciphers.html

To make sure you capture the handshake you should: 1. close the SIP client, 2. start Wireshark and start capturing, 3. start the SIP client.

If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit→Preferences→Protocols→SSL→SSL Debug File

Trace: • tls-decoding

Log In

Search

Toolbox