debugging TLS with wireshark and a custom application ?

Kurt Jaeger dovecot at opsec.eu
Wed Sep 30 18:06:54 EEST 2020


Hi!

My question is: can dovecot be used to debug/decrypt TLS sessions ?

The reason I'm asking:

A custom application wants to speak IMAP with TLS with a dovecot
instance.

It fails, and the error message is, unfortunately, not very helpful.
tcpdump shows that the session is established, but fails. The custom
application says error 60000, not much more.

There is a way to decode TLS sessions in some cases:

https://wiki.wireshark.org/TLS

using firefox and the environment variable SSLKEYLOGFILE.

Basically, the TLS client (firefox), while negotiating keys with the
other side, writes those logfiles to a logfile specified by SSLKEYLOGFILE
and at the same time, wireshark is used to capture / write the pcap
of the session.

Then wireshark can be used to decode the contents of the TLS-encrypted
session.

Is something similar possible with dovecot as the server and
from the server side ?

Is, by chance, the session=<...> value already such a key so that
a tcpdump pcap file would be able to decrypt that session ?

Sep 29 08:51:30 imap-login: Info: Login: user=<someuser>, method=PLAIN, rip=<someip>, lip=<someotherip>, mpid=63667, TLS, session=<GGF0Nm6wxy0qAQHoAAMAAwAAAAAAAAAB>

-- 
pi at opsec.eu            +49 171 3101372                    Now what ?
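
As an added example (not part of the original post and not Dovecot code): a small Python parser for the key log format that SSLKEYLOGFILE produces, showing what a line must contain before Wireshark can use it. The function names and the sample key material are constructed for illustration; the last sample line is the session=<...> value from the log line above, which the parser rejects because it lacks the label, client random and secret fields.

```python
import re

# Labels keyed by client random in the NSS key log format (TLS 1.2 and 1.3).
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# <LABEL> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")


def parse_keylog(text):
    """Return ({client_random: {label: secret_bytes}}, [rejected lines])."""
    sessions, rejected = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed in the format
        m = LINE_RE.match(line)
        if not m or m.group(1) not in LABELS:
            rejected.append(line)
            continue
        label, rnd, secret = m.groups()
        sessions.setdefault(rnd.lower(), {})[label] = bytes.fromhex(secret)
    return sessions, rejected


def has_app_data_secrets(sessions, client_random_hex):
    """True if the log can decrypt application data for this client random."""
    labels = sessions.get(client_random_hex.lower(), {})
    tls12 = "CLIENT_RANDOM" in labels  # this line carries the master secret
    tls13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}.issubset(labels)
    return tls12 or tls13


# Constructed sample: a TLS 1.2 entry, an incomplete TLS 1.3 entry, and the
# session=<...> value from the imap-login line in the post.
SAMPLE = "\n".join([
    "# constructed key log, not real key material",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "12" * 32 + " " + "ef" * 32,
    "GGF0Nm6wxy0qAQHoAAMAAwAAAAAAAAAB",
])

if __name__ == "__main__":
    parsed, bad = parse_keylog(SAMPLE)
    print(len(parsed), "handshakes parsed; rejected:", bad)
```

The client random used as the lookup key is the one visible in the ClientHello of the matching pcap, which is how a key log entry gets tied to a captured session.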

