Fortinet black logo

Administration Guide

Decrypting TLS 1.3 Traffic

Decrypting TLS 1.3 Traffic

  1. Capture packets on FortiWeb, and enable diagnose debug flow at the same time as follows.

    FortiWeb# diagnose debug flow filter flow-detail 4

    FortiWeb# diagnose debug flow trace start

    FortiWeb# diagnose debug enable

    Please note:

    • Add filters when capturing packets on FortiWeb;

    • Do not add filters in diagnose commands as below if the back-end server provides SSL/TLS service, otherwise SSL keys cannot be displayed in diagnose output. It’s a known limitation while we’ll enhance it in future builds.

    • If you only wants to decrypt SSL traffic from clients to FortiWeb, below filters can be added

      diagnose debug flow filter client-ip 172.30.214.11

      diagnose debug flow filter server-ip 10.159.37.33

  2. The keys can be also found in the diagnose debug output as follows. It’s a little different from that of TLS1.2 and before.

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 ssl handshake(172.30.212.177:1039->10.159.37.1:7002),ssl event:2

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 [ST-ssl-handshake], conn st 0x00000004

    tls1.3 ssl key (server):

    SERVER_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 a52744e732f1b328650b40653ea0d9845fa8726f79b19a6b6dbdf08ff24c735efc907e948a53709c0cf5ef2c7038c8af

    tls1.3 ssl key (server):

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 e14368e33bd50ba4dd106d0a5018e8e145e112b9cdac6fd3e0455b2479399bbf8bc54ab0f522512f93170c754d32a9ad

    tls1.3 ssl key (server):

    EXPORTER_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 31ccbf2227090eea6653d334f5fd9a08667292ac0a220e25f139270fde716a5a14f3b426ba0611b012b985e04028c178

    tls1.3 ssl key (server):

    SERVER_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 0faae977ef5ba35accdac2b189eedefea4ccf7363fc78f6933569f42659f27ece1bdae43dff88a7da18b950e5d021505

    [conn lib]ssl handshake, state:1

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 ssl handshake(172.30.212.177:1039->10.159.37.1:7002),ssl event:2

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 [ST-ssl-handshake], conn st 0x00000004

    tls1.3 ssl key (server):

    CLIENT_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 c06b9cb7332bd05f1761d6ba6621345aa73a018f5f5db2ddfeb160b3aec755f8a9a40fd30041232a3d37bfb93aff24bd

    [conn lib]ssl handshake, state:2

    The first column is tls1.3 secret label as below:

    CLIENT_EARLY_TRAFFIC_SECRET: client early traffic secret

    CLIENT_HANDSHAKE_TRAFFIC_SECRET:client handshake secret

    SERVER_HANDSHAKE_TRAFFIC_SECRET:server handshake secret

    CLIENT_TRAFFIC_SECRET_0: client application data secret

    SERVER_TRAFFIC_SECRET_0: server application data secret

  3. Create a wireshark key file. The key file format is as follows with content retrieved from the diagnose output.

    root@ut:/home/test/keys# cat tls1.3_key.file

    SERVER_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 a52744e732f1b328650b40653ea0d9845fa8726f7

    9b19a6b6dbdf08ff24c735efc907e948a53709c0cf5ef2c7038c8af

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 e14368e33bd50ba4dd106d0a5018e8e145e112b9c

    dac6fd3e0455b2479399bbf8bc54ab0f522512f93170c754d32a9ad

    EXPORTER_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 31ccbf2227090eea6653d334f5fd9a08667292ac0a220e25f139270fd

    e716a5a14f3b426ba0611b012b985e04028c178

    SERVER_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 0faae977ef5ba35accdac2b189eedefea4ccf7363fc78f693

    3569f42659f27ece1bdae43dff88a7da18b950e5d021505

    CLIENT_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 c06b9cb7332bd05f1761d6ba6621345aa73a018f5f5db2ddf

    eb160b3aec755f8a9a40fd30041232a3d37bfb93aff24bd

    SERVER_HANDSHAKE_TRAFFIC_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 fe1eb5cef9ca293fbd4899612d89339e0d76a5426

    55ccb08c249d32e330bc8232a8572d9bdcea7bbfd002764df227458

    EXPORTER_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 5549b723b72fb18c30cc25a8ce86f8b5afe1bcfa1ed9bb6c3b9584408

    ef6fdac0c6286083c4046c99433e0424724351c

    SERVER_TRAFFIC_SECRET_0 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 ba1bb94d8740f7609919b18ab0c09201ade62ed6f6d8687ad

    892bdcf00e3bbc2f6ee253e26cf005acdabc6e80d2a29c2

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 6fc9d895b73d8e8f33461b043ab0239b757d734b8

    f1dde1a664d519792cddd82aed2f81cc892f4e01865f68785851cc3

    CLIENT_TRAFFIC_SECRET_0 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 d4f3118b685428e8d53f7bbd63c15baa8b9828a8af062d984

    1619fa2d6b076d27bb3735df598f06204f13918a7993218

    You can manually copy & save the these sections to a file, or use a Linux command to retrieve them in the FortiWeb backend shell or a Linux machine as follows:

    root@utma:/home/test# awk '/EXPORTER_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|SERVER_TRAFFIC_SECRET_0|CLIENT_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0/{print $1" "$2" "$3}' tls1.3_flow.log > tls1.3_key.file

  4. Set wireshark: edit > preference > protocols > TLS: choose the key file “tls1.3_key.file” from "(Pre)-Master-Secret log filename". Then you’ll be able to see that decrypted HTTP traffic.

Decrypting TLS 1.3 Traffic

  1. Capture packets on FortiWeb, and enable diagnose debug flow at the same time as follows.

    FortiWeb# diagnose debug flow filter flow-detail 4

    FortiWeb# diagnose debug flow trace start

    FortiWeb# diagnose debug enable

    Please note:

    • Add filters when capturing packets on FortiWeb;

    • Do not add filters in diagnose commands as below if the back-end server provides SSL/TLS service, otherwise SSL keys cannot be displayed in diagnose output. It’s a known limitation while we’ll enhance it in future builds.

    • If you only wants to decrypt SSL traffic from clients to FortiWeb, below filters can be added

      diagnose debug flow filter client-ip 172.30.214.11

      diagnose debug flow filter server-ip 10.159.37.33

  2. The keys can be also found in the diagnose debug output as follows. It’s a little different from that of TLS1.2 and before.

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 ssl handshake(172.30.212.177:1039->10.159.37.1:7002),ssl event:2

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 [ST-ssl-handshake], conn st 0x00000004

    tls1.3 ssl key (server):

    SERVER_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 a52744e732f1b328650b40653ea0d9845fa8726f79b19a6b6dbdf08ff24c735efc907e948a53709c0cf5ef2c7038c8af

    tls1.3 ssl key (server):

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 e14368e33bd50ba4dd106d0a5018e8e145e112b9cdac6fd3e0455b2479399bbf8bc54ab0f522512f93170c754d32a9ad

    tls1.3 ssl key (server):

    EXPORTER_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 31ccbf2227090eea6653d334f5fd9a08667292ac0a220e25f139270fde716a5a14f3b426ba0611b012b985e04028c178

    tls1.3 ssl key (server):

    SERVER_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 0faae977ef5ba35accdac2b189eedefea4ccf7363fc78f6933569f42659f27ece1bdae43dff88a7da18b950e5d021505

    [conn lib]ssl handshake, state:1

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 ssl handshake(172.30.212.177:1039->10.159.37.1:7002),ssl event:2

    [work 0][flow] ssn 5 policy SP_01 strm 0 dir 0 subclient 0 client 32 [ST-ssl-handshake], conn st 0x00000004

    tls1.3 ssl key (server):

    CLIENT_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 c06b9cb7332bd05f1761d6ba6621345aa73a018f5f5db2ddfeb160b3aec755f8a9a40fd30041232a3d37bfb93aff24bd

    [conn lib]ssl handshake, state:2

    The first column is tls1.3 secret label as below:

    CLIENT_EARLY_TRAFFIC_SECRET: client early traffic secret

    CLIENT_HANDSHAKE_TRAFFIC_SECRET:client handshake secret

    SERVER_HANDSHAKE_TRAFFIC_SECRET:server handshake secret

    CLIENT_TRAFFIC_SECRET_0: client application data secret

    SERVER_TRAFFIC_SECRET_0: server application data secret

  3. Create a wireshark key file. The key file format is as follows with content retrieved from the diagnose output.

    root@ut:/home/test/keys# cat tls1.3_key.file

    SERVER_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 a52744e732f1b328650b40653ea0d9845fa8726f7

    9b19a6b6dbdf08ff24c735efc907e948a53709c0cf5ef2c7038c8af

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 e14368e33bd50ba4dd106d0a5018e8e145e112b9c

    dac6fd3e0455b2479399bbf8bc54ab0f522512f93170c754d32a9ad

    EXPORTER_SECRET 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 31ccbf2227090eea6653d334f5fd9a08667292ac0a220e25f139270fd

    e716a5a14f3b426ba0611b012b985e04028c178

    SERVER_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 0faae977ef5ba35accdac2b189eedefea4ccf7363fc78f693

    3569f42659f27ece1bdae43dff88a7da18b950e5d021505

    CLIENT_TRAFFIC_SECRET_0 72e61efe2594465bf79935093e9d73254e1cd2e67f0acee06379166af25be863 c06b9cb7332bd05f1761d6ba6621345aa73a018f5f5db2ddf

    eb160b3aec755f8a9a40fd30041232a3d37bfb93aff24bd

    SERVER_HANDSHAKE_TRAFFIC_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 fe1eb5cef9ca293fbd4899612d89339e0d76a5426

    55ccb08c249d32e330bc8232a8572d9bdcea7bbfd002764df227458

    EXPORTER_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 5549b723b72fb18c30cc25a8ce86f8b5afe1bcfa1ed9bb6c3b9584408

    ef6fdac0c6286083c4046c99433e0424724351c

    SERVER_TRAFFIC_SECRET_0 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 ba1bb94d8740f7609919b18ab0c09201ade62ed6f6d8687ad

    892bdcf00e3bbc2f6ee253e26cf005acdabc6e80d2a29c2

    CLIENT_HANDSHAKE_TRAFFIC_SECRET 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 6fc9d895b73d8e8f33461b043ab0239b757d734b8

    f1dde1a664d519792cddd82aed2f81cc892f4e01865f68785851cc3

    CLIENT_TRAFFIC_SECRET_0 49e35b0c4ddf3e521e07d2fc660a271cff2b2b64317bd48f343a69eb57ce70b6 d4f3118b685428e8d53f7bbd63c15baa8b9828a8af062d984

    1619fa2d6b076d27bb3735df598f06204f13918a7993218

    You can manually copy & save the these sections to a file, or use a Linux command to retrieve them in the FortiWeb backend shell or a Linux machine as follows:

    root@utma:/home/test# awk '/EXPORTER_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|SERVER_TRAFFIC_SECRET_0|CLIENT_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0/{print $1" "$2" "$3}' tls1.3_flow.log > tls1.3_key.file

  4. Set wireshark: edit > preference > protocols > TLS: choose the key file “tls1.3_key.file” from "(Pre)-Master-Secret log filename". Then you’ll be able to see that decrypted HTTP traffic.