F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 182

Given this as the first packet displayed of an ssldump:
2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake

ServerHello -

Version 3.1 -
random[32]=
19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0
b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29
session_id[32]=
c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad
4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
In reviewing the rest of the ssldump, the application data is NOT being decrypted.
Why is ssldump failing to decrypt the application data?

Answer options

• A. The application data is encrypted with SSLv3.
• B. The application data is encrypted with TLSv1.
• C. The data is contained within a resumed TLS session.
• D. The BigDB Key Log.Tcpdump.Level needs to be adjusted.

Correct answer: C

Explanation

The correct answer is C because if the application data is part of a resumed session, ssldump may not have the necessary keys to decrypt it. Options A and B are incorrect since the encryption methods mentioned do not directly relate to session resumption issues. Option D is also incorrect as adjusting the Tcpdump.Level does not address the specific issue of session resumption affecting decryption.