Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4349] New: Add support for TLS key logs

Date: Tue, 22 Dec 2009 16:03:23 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4349

           Summary: Add support for TLS key logs
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: agl@xxxxxxxxxxxx


Created an attachment (id=4085)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4085)
patch

Build Information:
N/A
--
This patch adds support for getting the pre-master secret of a TLS connection
from a log file. Currently Wireshark can decrypt and TLS connection only if it
has the server's private key.

I commonly have a use case where I control the TLS client, but not the server.
In order to decrypt in this case, I've added support to NSS (used by Chrome and
Firefox) to log the keys to a file on disk:

https://bugzilla.mozilla.org/show_bug.cgi?id=536474

Given this file, Wireshark can then decrypt the resulting TLS connections.

The format is such that Wireshark opens and linearly scans the file each time
it sees a ClientKeyExchange. If the key log grows too large, this is pretty
inefficient. However, it's simple and the number of interesting TLS connections
when debugging is usually very small.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.