diff --git a/.github/workflows/interop.yml b/.github/workflows/interop.yml
index d69ca869..56217772 100644
--- a/.github/workflows/interop.yml
+++ b/.github/workflows/interop.yml
@@ -48,7 +48,7 @@ jobs:
       - name: Build Wireshark
         if: steps.restore-cache.outputs.cache-hit != 'true'
         run: |
-          cmake -GNinja -DBUILD_wireshark=0 -DBUILD_qtshark=0 -DBUILD_editcap=0 -DBUILD_capinfos=0 -DBUILD_text2pcap=0 -DBUILD_rawshark=0 -DBUILD_sdjournal=0 -DBUILD_sshdump=0 -DBUILD_ciscodump=0 -DBUILD_sharkd=0 -DENABLE_STATIC=1 -DENABLE_PLUGINS=0 -DENABLE_LIBXML2=0 -DENABLE_BROTLI=0 -DUSE_STATIC=1 -DENABLE_GNUTLS=1 .
+          cmake -GNinja -DBUILD_wireshark=0 -DBUILD_qtshark=0 -DBUILD_editcap=1 -DBUILD_capinfos=0 -DBUILD_text2pcap=0 -DBUILD_rawshark=0 -DBUILD_sdjournal=0 -DBUILD_sshdump=0 -DBUILD_ciscodump=0 -DBUILD_sharkd=0 -DENABLE_STATIC=1 -DENABLE_PLUGINS=0 -DENABLE_LIBXML2=0 -DENABLE_BROTLI=0 -DUSE_STATIC=1 -DENABLE_GNUTLS=1 .
           ninja
       - run: run/tshark -v
         if: steps.restore-cache.outputs.cache-hit != 'true'
diff --git a/testcases.py b/testcases.py
index f22063fb..d88e79db 100644
--- a/testcases.py
+++ b/testcases.py
@@ -4,6 +4,7 @@
 import os
 import random
 import re
+import shutil
 import string
 import subprocess
 import sys
@@ -158,18 +159,36 @@ def _keylog_file(self) -> str:
             return self._server_keylog_file
         logging.debug("No key log file found.")
 
+    def _inject_keylog_if_possible(self, trace: str):
+        """
+        Inject the keylog file into the pcap file if it is available and valid.
+        """
+        keylog = self._keylog_file()
+        if keylog is None:
+            return
+
+        with tempfile.NamedTemporaryFile() as tmp:
+            r = subprocess.run(
+                f"editcap --inject-secrets tls,{keylog} {trace} {tmp.name}",
+                shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT
+            )
+            logging.debug("%s", r.stdout.decode("utf-8"))
+            if r.returncode != 0:
+                return
+            shutil.move(tmp.name, trace)
+
     def _client_trace(self):
         if self._cached_client_trace is None:
-            self._cached_client_trace = TraceAnalyzer(
-                self._sim_log_dir.name + "/trace_node_left.pcap", self._keylog_file()
-            )
+            trace = self._sim_log_dir.name + "/trace_node_left.pcap"
+            self._inject_keylog_if_possible(trace)
+            self._cached_client_trace = TraceAnalyzer(trace, self._keylog_file())
         return self._cached_client_trace
 
     def _server_trace(self):
         if self._cached_server_trace is None:
-            self._cached_server_trace = TraceAnalyzer(
-                self._sim_log_dir.name + "/trace_node_right.pcap", self._keylog_file()
-            )
+            trace = self._sim_log_dir.name + "/trace_node_right.pcap"
+            self._inject_keylog_if_possible(trace)
+            self._cached_server_trace = TraceAnalyzer(trace, self._keylog_file())
         return self._cached_server_trace
 
     # see https://www.stefanocappellini.it/generate-pseudorandom-bytes-with-python/ for benchmarks