my tls.Config is set to not use ECDHE exchange so i can monitor my traffic in wireshark without having to get the client's keys.
config = &tls.Config{
Certificates: []tls.Certificate{cpair},
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
ClientAuth: tls.NoClientCert,
CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
},
}
however, when analyzing the traffic in wireshark, i still see the connection being made with a ECDHE ciper suiete:
62 ssl_decrypt_pre_master_secret: session uses Diffie-Hellman key exchange
(cipher suite 0xC014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
and cannot be decrypted using a RSA private key file.
turns out i forgot about my reverse proxy on apache.
wireshark was looking on port 443 for https connections,
but was filtering out the communication between apache and my server on the server's port
i was able to successfully limit SSLCipherSuites on ssl.conf in apache's configuration and was able to analyze the traffic
i'm assuming apache was passing on the data to my go program in the reverse proxy, which caused apache and go to negotiate a connection based on tls.Config, which i didn't see because that communication was on a different port on localhost (i was filtering wireshark based on port 443 on my IP address, not localhost, which is how apache and go are communicating)