SSL: Reading secrets
Wireshark:
Can decrypt SSL if it has the private key
Can not decrypt SSL if the key exchange is DH
But we can hack around it with %LD_PRELOAD%:
Download:
https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c
Compile:
cc sslkeylog.c -shared -o libsslkeylog.so -fPIC -ldl
Use:
SSLKEYLOGFILE=/tmp/premaster.txt LD_PRELOAD=./libsslkeylog.so \
./mongo --ssl --sslPEMKeyFile=/tmp/ssl/ssl/client.pem --sslCAFile=/tmp/ssl/ssl/ca.pem