In the 3. x version, only RSA can be decrypted in Passive-Tap mode, Diffie-Hellman (DH) cannot be decrypted, and DH decryption is possible only in Inline mode.

Why can decrypt DH only in Inline-mode?

The Diffie-Hellman (DH) uses PFS(perfect forward secrecy). This means that in order for us to encrypt/decrypt we have to be in line so we can negotiate the unique session keys.

Also, to keep you informed 3. x is currently end of life/end of support. Currently, passive tap is not supported with SSLv 4.5.