TLS configs in Go have a KeyLogWriter which writes secrets for easy decryption later (e.g. for use with Wireshark). This is similar to curl's SSLKEYLOGFILE= env var. Please can you add the ability to do this in dtls.Config.
```go
// KeyLogWriter optionally specifies a destination for TLS master secrets
// in NSS key log format that can be used to allow external programs
// such as Wireshark to decrypt TLS connections.
// See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
// Use of KeyLogWriter compromises security and should only be
// used for debugging.
KeyLogWriter io.Writer // Go 1.8
```
I would love to accept a PR for this! You can intercept/write the values where it initializes the CipherSuite, here and here.
I think you can accomplish what you want today with Export. The state doesn't export its members, but you can use reflection/unsafe to access the private members.
From there you have the keying material, CipherSuite and enough info to even assert if you lost any packets in your capture!
kegsay added a commit to kegsay/dtls that referenced this issue on Feb 4, 2021
Motivation
It's useful to be able to decrypt DTLS streams when debugging/testing. This feature is available in tls.Config - https://golang.org/pkg/crypto/tls/#Config
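For reference, this is the crypto/tls behaviour the issue asks dtls.Config to mirror, shown as an added example (not code from this issue or from the dtls project). It assumes a throwaway self-signed certificate for the constructed host name `keylog.test`, pins TLS 1.2 so the log holds a single `CLIENT_RANDOM` line, and uses the hypothetical helper names `captureKeyLog` and `parseKeyLogLine`.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// captureKeyLog does one in-memory TLS 1.2 handshake and returns the client's key log output.
func captureKeyLog() (string, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"keylog.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	var keylog bytes.Buffer // holds session secrets; a debug build would write an owner-only file
	c, s := net.Pipe()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	cli := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "keylog.test",
		MaxVersion: tls.VersionTLS12, KeyLogWriter: &keylog}) // 1.2 logs one CLIENT_RANDOM line
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return keylog.String(), <-done
}

// parseKeyLogLine decodes "<label> <client random hex> <secret hex>".
func parseKeyLogLine(line string) (label string, random, secret []byte, err error) {
	_, err = fmt.Sscanf(line, "%s %x %x", &label, &random, &secret)
	return label, random, secret, err
}
func main() {
	raw, err := captureKeyLog()
	label, random, secret, perr := parseKeyLogLine(raw)
	fmt.Println(label, len(random), len(secret), err, perr) // lengths only, not the secret
}
```

The 48-byte value in that line is the session's master secret, which is why the Go documentation quoted above restricts KeyLogWriter to debugging; any key log destination should be readable only by its owner and absent from production builds.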