by technion
3469 days ago
If you are using a non-forward secrecy supporting implementation, such as RSA, the SSL key on the server is all that's required to be able to decrypt the conversation. That's why you can use Wireshark in the manner described here, by installing the SSL key on your client machine, and decrypting the whole session: https://support.citrix.com/article/CTX116557 You'll note the article warns, it won't work with DHE. Similarly, it won't work with ECDHE. Modern forward secrecy ensures that even with the key, an attacker is constrained in their ability to decrypt the ciphertext. I can only assume the industry request was based on running this sort of thing at a larger scale.
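A toy model of the difference described in the comment above, added here as an illustration and not part of the original post: textbook RSA key transport next to ephemeral Diffie-Hellman, showing what a recorded handshake plus the server's long-term key does and does not yield. All numbers are tiny constructed values and the function names are assumptions; this is not real TLS.

```python
"""Toy model: static-RSA key transport vs. ephemeral Diffie-Hellman.
All numbers are tiny, constructed values; this is not real TLS and not secure."""
import secrets

# Long-term server RSA key (textbook RSA, no padding).
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, the "SSL key" on the server

# Toy Diffie-Hellman group (2039 is prime).
DH_P, DH_G = 2039, 7


def rsa_handshake():
    """Client picks the premaster secret and sends it encrypted to the server key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"kx": "RSA", "encrypted_premaster": pow(premaster, E, N)}
    return premaster, wire


def dhe_handshake():
    """Both sides use fresh exponents; only the public values cross the wire."""
    a = secrets.randbelow(DH_P - 3) + 2  # server ephemeral, discarded afterwards
    b = secrets.randbelow(DH_P - 3) + 2  # client ephemeral, discarded afterwards
    wire = {"kx": "DHE", "server_pub": pow(DH_G, a, DH_P),
            "client_pub": pow(DH_G, b, DH_P)}
    premaster = pow(wire["server_pub"], b, DH_P)
    assert premaster == pow(wire["client_pub"], a, DH_P)  # both ends agree
    return premaster, wire


def recover_with_server_key(wire, d=D, n=N):
    """What a recorded handshake plus the server's RSA private key yields."""
    if wire["kx"] == "RSA":
        return pow(wire["encrypted_premaster"], d, n)
    # DHE/ECDHE: the RSA key only authenticates the exchange; the secret depends
    # on exponents that were never sent and no longer exist.
    return None


if __name__ == "__main__":
    for handshake in (rsa_handshake, dhe_handshake):
        secret, wire = handshake()
        got = recover_with_server_key(wire)
        print(wire["kx"], "recovered" if got == secret else "not recoverable")
```
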