Decrypting DTLS traffic with Wireshark

I’ve written about Improving SSL VPN performance with DTLS recently thus I would like to write about how-to decrypt this traffic with Wireshark. DTLS is a protocol used for encrypting traffic over UDP, which is often used for SSL VPN tunnels, whereas TLS is a protocol used for encrypting traffic over TCP, which has worse performance for SSL VPN tunnels because it encapsulates TCP over TCP and, as a result, we can often encounter retransmissions and packet loss. Therefore, cryptographic knowledge is important to understand the steps needed to decode DTLS traffic.

First, we have to ensure the use of a Diffie-Hellman Ephemeral (DHE/EDH) or RSA Ephemeral cipher suite is not negotiated between server and clients because Wireshark isn’t able to decrypt data where ephemeral ciphers are used. Accordingly, I’ve disabled DH, DHE, ECDH and ECDHE cipher suites from my SSL VPN server to be able to decrypt user traffic.

Control the cipher suites that can be used by an SSL VPN
The cipher suite negotiated between SSL VPN server and clients can be checked in the initial DTLS session establishment. In other words, the Client Hello and Server Hello exchange into the handshake protocol. In addition, these initial packets are needed for Wireshark to get the public key used by clients for data encryption.

Cipher Suite
Once we have, or Wireshark has, the public key, we also need to get the private key to decrypt data traffic. If we manage the SSL VPN server, there are many ways to get it. For instance, next, we can see how-to get the private key from a SSL certificate of a FortiGate appliance, which should be saved as a file from -----BEGIN PRIVATE KEY ----- till -----END PRIVATE KEY-----.

Exporting private key from a SSL certificate

We should save the private key, for instance as private.key, for importing it into the DTLS RSA keylist of Wireshark. Besides, we’ll have to write the IP address of the SSL VPN server, what server port is listening for DTLS traffic, and what kind of traffic is being encapsulated into DTLS.

DTLS RSA Keylist
We already have almost everything, we just have to test it and check if DTLS traffic is decrypted. Next, we can see how DTLS traffic is decrypted when I visit a webpage like from a client connected to a SSL VPN server with DTLS support. Actually, we’ll be able to decrypt everything inside the SSL VPN tunnel and not only HTTP traffic but everything else.

Decrypting DTLS packets
If we work as security engineers of a company and we manage SSL VPN servers or firewall appliances, we can use this technique to decode encrypted traffic for troubleshooting propose. On the other hand, there are SSL Inspection architectures where firewall appliances are able to decrypt and encrypt traffic, like a Man-In-The-Middle (MITM) attack, with the aim of analysing everything to block malwares and attacks. This can be a big responsibility, and a powerful tool, for security engineers, who should be monitored.

Regards my friends and remember, encrypted traffic can be decrypted if you are in the middle; be careful with your responsibilities.