> On October 13, 2016 at 6:52 PM Konstantin Khomoutov 
> <flatw...@users.sourceforge.net> wrote:
> 
> 
> On Thu, 13 Oct 2016 10:35:14 -0500
> Bryan Holloway <br...@shout.net> wrote:
> 
> > > [...]
> > >> Is there a way to see the IMAP commands coming from the client?
> > >> I've tried looking at PCAPs, but of course they're encrypted so I
> > >> can't see the actual dialog going on between the server and
> > >> client. I didn't see an obvious way to do this in the docs.
> > >
> > > If you have access to the SSL/TLS key (IOW, the private part of the
> > > cert) the server uses to secure IMAP connections you can dump the
> > > IMAP traffic using the `ssldump` utility (which builds on
> > > `tcpdump`).
> > 
> > I do, but the client is using a DH key exchange so I only have the 
> > server-side private key.
> > 
> > Tried that using Wireshark's decoder features and ran into this
> > problem. I'm assuming I'd run into the same using ssldump, but I'll
> > give it a shot!
> 
> I think DH is not the culprit: just to be able to actually decode SSL
> traffic, you must have the server private key when you're decoding the
> SSL handshake phase -- to be able to recover the session keys, which
> you then use to decode the actual tunneled data.

You can also enable only non DH algorithms in ssl settings if rawlog isn't 
working for you. 

Aki

Reply via email to