Sometimes, you need to decrypt SSL. Wireshark says you can do that if you have the server key.

This works .. almost.

It doesn’t work if the key exchange uses a DH (Diffie-Helmann) cipher. You need to use a RSA cipher for the key exchange. Several people on the internet tell you this, but i was never able to find any information which keys to use and which not to use.

Seems this works, however:

I made it work. As SYN-bit said, the reason because my server and client use DH cipher to exchange key, I should config my server to use RSA cipher to exchange key. with Apache :

SSLCipherSuite RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

Now I can decrypt https traffic.

This has been annoying me for almost 2 weeks now. Entry #7 of this fixes the problem for me.

In short:
in /usr/share/xfce4/helpers/firefox.desktop, replace the last two lines with


X-XFCE-Commands=%B -new-window "about:blank";%B;
X-XFCE-CommandsWithParameter=%B -new-tab "%s";%B %s;