Symptoms
tcpdump cannot help analyze issues with encrypted data, such as problems during encrypted TLS 1.3 handshakes or with the encrypted SSL/TLS payload for TLS 1.3, TLS 1.2, and earlier.
Impact
No ability to debug and analyze encrypted handshake and encrypted data of SSL/TLS connections.
Conditions
When there is a need to look at the encrypted traffic in an SSL/TLS connection or when there is a need to debug the encrypted handshake of TLS 1.3.
Workaround
You can use the OpenSSL keylogfile option to gather the same information needed for decryption. This has to be done separately from the tcpdump capture.
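Because the key log is gathered separately from the capture, it is worth checking that it holds the secrets for the sessions you need before starting analysis. The following is an added example, not F5 code: it assumes the file uses the NSS key log line format that OpenSSL's keylog callback writes, the function names are hypothetical, and the sample values are constructed.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format, which OpenSSL's keylog callback writes.
HANDSHAKE_13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
DATA_13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return ({client_random: {labels}}, [line numbers rejected as malformed])."""
    sessions, rejected = defaultdict(set), []
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        # Secrets are whole bytes; a TLS 1.2 master secret is always 48 bytes.
        if (not m or len(m.group(3)) % 2
                or (m.group(1) == "CLIENT_RANDOM" and len(m.group(3)) != 96)):
            rejected.append(num)
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    return dict(sessions), rejected

def coverage(labels):
    """Which parts of a captured session the logged secrets can decrypt."""
    if "CLIENT_RANDOM" in labels:        # TLS 1.2 and earlier: master secret
        return "full"
    handshake = HANDSHAKE_13 <= labels   # both directions of the TLS 1.3 handshake
    data = DATA_13 <= labels             # both directions of application data
    if handshake and data:
        return "full"
    return "handshake-only" if handshake else "data-only" if data else "none"

# Constructed sample: client randoms and secrets are filler values, not real keys.
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "44" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "55" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "66" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "77" * 32,
    "CLIENT_RANDOM " + "dd" * 32 + " deadbeef",  # truncated master secret
])

if __name__ == "__main__":
    sessions, rejected = parse_keylog(SAMPLE)
    for client_random, labels in sessions.items():
        print(client_random[:8], coverage(labels))
    print("malformed lines:", rejected)
```

A session reported as "data-only" has no handshake traffic secrets logged, so the encrypted part of its TLS 1.3 handshake stays opaque even though the application data can be read.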
Fix Information
This release provides a '--f5 ssl' option which, together with setting the dbvar 'tcpdump.sslprovider' to 'enable', supports capture of the information needed to decrypt the encrypted handshake and data.
Behavior Change
tcpdump has a new option: '--f5 ssl'. When the db variable 'tcpdump.sslprovider' is set to 'enable', the tcpdump operation captures the information needed to decrypt the encrypted handshake and data.