> On October 13, 2016 at 6:52 PM Konstantin Khomoutov
> <flatw...@users.sourceforge.net> wrote:
> On Thu, 13 Oct 2016 10:35:14 -0500
> Bryan Holloway <br...@shout.net> wrote:
> > > [...]
> > >> Is there a way to see the IMAP commands coming from the client?
> > >> I've tried looking at PCAPs, but of course they're encrypted so I
> > >> can't see the actual dialog going on between the server and
> > >> client. I didn't see an obvious way to do this in the docs.
> > >
> > > If you have access to the SSL/TLS key (IOW, the private part of the
> > > cert) the server uses to secure IMAP connections you can dump the
> > > IMAP traffic using the `ssldump` utility (which builds on
> > > `tcpdump`).
> > I do, but the client is using a DH key exchange so I only have the
> > server-side private key.
> > Tried that using Wireshark's decoder features and ran into this
> > problem. I'm assuming I'd run into the same using ssldump, but I'll
> > give it a shot!
> I think DH is not the culprit: just to be able to actually decode SSL
> traffic, you must have the server private key when you're decoding the
> SSL handshake phase -- to be able to recover the session keys, which
> you then use to decode the actual tunneled data.
You can also enable only non-DH algorithms in the SSL settings if rawlog isn't
working for you.