Which statement about TLS key log files is true?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Explanation:
TLS key log files provide the cryptographic material that lets a capture of TLS traffic be decrypted later. They are created by the TLS client (for example, a web browser) while you’re running the client with support for exporting keys. The log records the secrets tied to each TLS session, which Wireshark can use to decrypt the corresponding traffic in the capture.

To make this work, you point Wireshark to the location of that log file by using the environment variable that the client supports: SSLKEYLOGFILE (for OpenSSL-based setups) or TLSKEYLOGFILE in other contexts. By setting this variable and starting the client, the client writes the per-session keys to the file, and Wireshark reads those keys to decrypt the captured TLS sessions.

The statement that the log decrypts traffic without client secrets isn’t correct—the keys in the log are the session secrets derived during the handshake, which are essential for decryption. And TLS key log files aren’t used for DNS resolution, nor does Wireshark automatically generate them.
