Decrypt TLS (DHE cipher) inside of TDS (Microsoft SQL Tabular Data Stream protocol)

Çağlar Arlı

Is there a possibility to decrypt TLS data encapsulated within the Microsoft TDS (T-SQL) protocol?

The TLS handshake seems to occur within TDS data, right after the TDS pre-login. The handshake itself is missing the Client Hello (it starts directly with the Server Hello). The server picks the cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030).

Whenever I want to decrypt a TLS flow, I usually run a MITM (likely stunnel) where I can force a non-DHE cipher for easy decryption with the RSA private key. But in that case, the TCP socket is dedicated to TLS handling (the TLS handshake occurs right after the TCP handshake).

It seems that with TDS, the situation is quite different, as the TCP socket is not dedicated to TLS - it is shared with TDS traffic. I am afraid that it would require another level of tooling to manipulate the TDS data to either transmit it "as is" (if not TLS) or leverage a TLS decryption process like a MITM.

And to my knowledge, there is no such tool available by now?
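
The framing described in the question, as an added example that is not part of the original post: a parser that walks the TDS packets of one direction of a capture, reassembles the TLS records wrapped in PRELOGIN-typed (0x12) packets, and reads the cipher suite from the Server Hello. It assumes the 8-byte TDS packet header and the 0x12 wrapping of the handshake from the MS-TDS specification; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

TDS_PRELOGIN = 0x12                      # TDS packet type that also wraps the TLS handshake
TLS_TYPES = (b"\x14", b"\x15", b"\x16", b"\x17")  # TLS record content types

def tds_packets(stream):
    """Yield (type, payload) per TDS packet; header is 8 bytes, length is big-endian."""
    off = 0
    while off + 8 <= len(stream):
        ptype, _status, length = struct.unpack_from(">BBH", stream, off)
        if length < 8 or off + length > len(stream):
            raise ValueError(f"bad TDS length {length} at offset {off}")
        yield ptype, stream[off + 8:off + length]
        off += length

def tls_records(stream):
    """Reassemble TLS records carried in PRELOGIN payloads (may span TDS packets)."""
    buf = b""
    for ptype, payload in tds_packets(stream):
        if ptype != TDS_PRELOGIN or (not buf and payload[:1] not in TLS_TYPES):
            continue                     # ordinary TDS data or the plain PRELOGIN options
        buf += payload
        while len(buf) >= 5:
            ctype, _ver, rlen = struct.unpack_from(">BHH", buf)
            if len(buf) < 5 + rlen:
                break                    # rest of the record is in the next TDS packet
            yield ctype, buf[5:5 + rlen]
            buf = buf[5 + rlen:]

def server_hello_suite(stream):
    """Return the cipher suite from a ServerHello that opens a handshake record."""
    for ctype, body in tls_records(stream):
        if ctype == 0x16 and body[:1] == b"\x02":
            sid_len = body[38]           # 4 (msg header) + 2 (version) + 32 (random)
            return struct.unpack_from(">H", body, 39 + sid_len)[0]
    return None

def tds(ptype, payload):                 # helper to build the constructed sample
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload

# Constructed server-to-client bytes: PRELOGIN response (type 0x04), then a
# ServerHello record split across two PRELOGIN-typed TDS packets.
hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x30" + b"\x00"
msg = b"\x02" + len(hello).to_bytes(3, "big") + hello
record = b"\x16\x03\x03" + struct.pack(">H", len(msg)) + msg
SAMPLE = tds(0x04, b"\x00\x00\x1a\x00\x06\xff") + tds(0x12, record[:20]) + tds(0x12, record[20:])

if __name__ == "__main__":
    print(hex(server_hello_suite(SAMPLE)))
```

With an ECDHE suite such as 0xc030, the server's RSA private key alone does not yield the session keys, so identifying the negotiated suite this way shows up front whether key-based decryption of a capture is possible at all.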