by KingMachiavelli 2664 days ago
Why? If you have the private key you can decrypt TLS traffic if forward secrecy is off. Which is why forward secrecy exists, to prevent captured encrypted sessions from being decrypted out-of-band with, presumably, compromised private keys.

The issue is that TLS 1.3 deprecates the key exchange that makes this possible, essentially making (perfect) forward secrecy a requirement since the only included ciphers do so. The only way to monitor/inspect TLS traffic in this situation is to MITM the traffic rather than simply record encrypted sessions.

1 comments

It's deceptive to call out-of-band MITM not MITM; it's still MITM, just covert. TLSv1.3 forcing it to become glaringly obvious is exactly what should be happening.