Skip to content
This repository has been archived by the owner on Oct 7, 2020. It is now read-only.

Optionally log master secrets for TLS connections #59

Closed
jsha opened this issue Jun 24, 2015 · 1 comment
Closed

Optionally log master secrets for TLS connections #59

jsha opened this issue Jun 24, 2015 · 1 comment

Comments

@jsha
Copy link
Contributor

jsha commented Jun 24, 2015

Sometimes it's necessary to decrypt your own TLS connections to debug their contents. Wireshark supports this quite nicely with its decryption feature. For non-DH key agreement, you simply provide the private key of the server. However, for DH key agreement, or when you are acting only as a client, that doesn't work. Firefox and Chrome support the environment variable SSLKEYLOGFILE to write the master secrets used to a file, for decryption by Wireshark. It would be great to support this or a similar mechanism for logging master secrets in Node.

Key log format: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Helpful Stack Exchange howto: https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350
Wireshark decryption docs: https://wiki.wireshark.org/SSL

@rvagg
Copy link
Member

rvagg commented Aug 12, 2015

please take this to the new https://github.com/nodejs/node repo if it's still valid for discussion

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants