On 10/13/16 11:01 AM, Aki Tuomi wrote:

On October 13, 2016 at 6:52 PM Konstantin Khomoutov 
<flatw...@users.sourceforge.net> wrote:

On Thu, 13 Oct 2016 10:35:14 -0500
Bryan Holloway <br...@shout.net> wrote:

Is there a way to see the IMAP commands coming from the client?
I've tried looking at PCAPs, but of course they're encrypted so I
can't see the actual dialog going on between the server and
client. I didn't see an obvious way to do this in the docs.

If you have access to the SSL/TLS key (IOW, the private part of the
cert) the server uses to secure IMAP connections you can dump the
IMAP traffic using the `ssldump` utility (which builds on

I do, but the client is using a DH key exchange so I only have the
server-side private key.

Tried that using Wireshark's decoder features and ran into this
problem. I'm assuming I'd run into the same using ssldump, but I'll
give it a shot!

I think DH is not the culprit: just to be able to actually decode SSL
traffic, you must have the server private key when you're decoding the
SSL handshake phase -- to be able to recover the session keys, which
you then use to decode the actual tunneled data.

You can also enable only non-DH algorithms in the SSL settings if rawlog isn't
working for you.


Ah -- interesting tip. I hadn't thought of that. Thank you! I'll report my findings to the list.
