I'm running on Linux, and I need to capture HTTPS traffic (without being a man-in-the-middle), and decode the traffic, and then save the decoded traffic to a raw pcap file. Piping the output to another process is also ok. Getting a human-readable output (not raw) is not ok.
I have access to the ssl key on the server.
Directions I tried:
If you can help me solve the issue in #1 or #2, that would be fantastic. New ideas are also welcome. Thanks!
I have access to the ssl key on the server ... Works great, but doesn't support DH
The SSL key of the server does not help with DH/ECDH, because the encryption keys for the connection are not derived from the key of the server. You would need to have access to the actual keys used for encryption. There are several descriptions out there on how to get access to these keys with some browsers, see for example https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/.
If you don't have access to the encryption keys of the SSL connection then your only way would be to restrict the ciphers so that no DH/ECDH is used. This is not recommended for production.
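To see which negotiated cipher suites fall on which side of that distinction, here is an added example (not part of the original answer) that classifies suite names by key exchange and reports whether a passive decoder can work from the server's RSA key or needs the per-session secrets. The function names and the sample list are constructed for illustration, and the rule that an OpenSSL name without a key-exchange prefix means RSA key transport is stated as an assumption in the code.

```python
import ssl

# Added example. Prefixes that mean an ephemeral (forward-secret) key exchange.
EPHEMERAL = ("ECDHE", "DHE", "EDH", "ADH", "AECDH")

def key_exchange(suite: str) -> str:
    """Classify an OpenSSL- or IANA-style suite name by key exchange."""
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "TLS1.3"                      # TLS 1.3 is always (EC)DHE
    if name.startswith("TLS_"):              # IANA: TLS_<kx>_WITH_<cipher>
        tokens = name[4:].split("_WITH_")[0].split("_")
    else:                                    # OpenSSL: <kx>-<auth>-<cipher>
        tokens = name.split("-")
    first = tokens[0]
    if first in EPHEMERAL:
        return "ECDHE" if "EC" in first else "DHE"
    if "PSK" in tokens or first in ("SRP", "ECDH", "DH", "KRB5"):
        return "OTHER"                       # not RSA key transport
    # Assumption: OpenSSL names with no key-exchange prefix (AES128-SHA)
    # are RSA key transport, as are IANA TLS_RSA_WITH_* names.
    return "RSA"

def triage(suites):
    """Split suites by what a passive decoder needs to decrypt them."""
    report = {"server_key": [], "session_secrets": []}
    for s in suites:
        bucket = "server_key" if key_exchange(s) == "RSA" else "session_secrets"
        report[bucket].append(s)
    return report

# Constructed sample list (not taken from a real capture).
SAMPLE = [
    "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA",
    "TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "RSA-PSK-AES128-CBC-SHA",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
    # What this host's OpenSSL would offer by default:
    local = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    print(triage(local))
```

Suites in the `session_secrets` bucket are the ones for which the server key alone is not enough and the connection's own keys have to be obtained.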