How can I decrypt ssl encrypted mongo wire protocol for inspection when I have ownership of all certificates involved?

Wesley asked:

I have a standard MongoDB SSL environment where the mongo wire protocol is encrypted with SSL/TLS using RSA keys. I have packet captures of communication between the MongoDB server and a client taken via tcpdump. I have ownership of the certificates involved in the encryption.

I have a capture of the handshake, and DHE / ECDHE / PFS is not at play in this scenario.

How can I decrypt the information in the existing packet captures to inspect the contents of the mongo wire protocol portion of the packets?

My answer:


You almost certainly can’t because of forward secrecy.

MongoDB, for some reason, has a hardcoded SSL cipher list of HIGH:!EXPORT:!aNULL@STRENGTH. What this results in depends on the version of OpenSSL it was built against, but on a modern system will result in ciphers that use forward secrecy being preferred over those that don’t.

You can see the generated cipher list on the target system with:

openssl ciphers -v 'HIGH:!EXPORT:!aNULL@STRENGTH'

When the SSL/TLS connection uses forward secrecy, it is impossible to decrypt the session, even if you have the SSL certificate private key. This is the whole point of forward secrecy; it prevents past sessions from being decrypted even if an attacker (whether it be you or a criminal or the NSA) gains control of your private key.


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.