diff --git a/test/captures/dhe1.pcapng.gz b/test/captures/dhe1.pcapng.gz
new file mode 100644
index 0000000000..3811257635
Binary files /dev/null and b/test/captures/dhe1.pcapng.gz differ
diff --git a/test/keys/dhe1_keylog.dat b/test/keys/dhe1_keylog.dat
new file mode 100644
index 0000000000..98819f30d1
--- /dev/null
+++ b/test/keys/dhe1_keylog.dat
@@ -0,0 +1,2 @@
+# the client's random number and the master secret for test/captures/dhe1.pcapng.gz
+CLIENT_RANDOM 531f88d114fcf9ce9729b5458f73e1807324459029ee4bea43f8ee4ce06c77c0 3CC9E5068E674393C10E540430F60AB794C028B277CAD9C708758400B803AD4FC81D6796AFD14D8952F7CD9E4268B4DB
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 0212bea42a..e8b512a53b 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -90,7 +90,7 @@ decryption_step_dtls() {
 	test_step_ok
 }
 
-# SSL
+# SSL, using the server's private key
 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz
 decryption_step_ssl() {
 	env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
@@ -98,7 +98,23 @@ decryption_step_ssl() {
 		| grep favicon.ico > /dev/null 2>&1
 	RETURNVALUE=$?
 	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
-		test_step_failed "Failed to decrypt SSL"
+		test_step_failed "Failed to decrypt SSL using the server's private key"
+		return
+	fi
+	test_step_ok
+}
+
+# SSL, using the master secret
+decryption_step_ssl_master_secret() {
+	env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
+		-o "ssl.keylog_file: $TEST_KEYS_DIR/dhe1_keylog.dat" \
+		-o "ssl.desegment_ssl_application_data: FALSE" \
+		-o "http.ssl.port: 443" \
+		-r "$CAPTURE_DIR/dhe1.pcapng.gz" -Y http \
+		| grep test > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt SSL using the master secret"
 		return
 	fi
 	test_step_ok
@@ -159,7 +175,8 @@ decryption_step_dvb_ci() {
 tshark_decryption_suite() {
 	test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
 	test_step_add "DTLS Decryption" decryption_step_dtls
-	test_step_add "SSL Decryption" decryption_step_ssl
+	test_step_add "SSL Decryption (private key)" decryption_step_ssl
+	test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret
 	test_step_add "ZigBee Decryption" decryption_step_zigbee
 	test_step_add "ANSI C12.22 Decryption" decryption_step_c1222
 	test_step_add "DVB-CI Decryption" decryption_step_dvb_ci