Great presentation. Any thoughts on including these tricks directly into wireshark to allow fluid decryption at least on the Linux client where CAP_BPF is present?
Could be a good weekend project, they already allow importing keys for decryptions so most of the work is finding references where openssl, etc stores it.