Support `SSLKEYLOGFILE` environment variable

To debug encrypted traffic on the client side, utilities like Wireshark [need encryption secrets](https://wiki.wireshark.org/TLS#tls-decryption).  User applications generate a log file (contains encryption secrets) that can be consumed by Wireshark if you set `SSLKEYLOGFILE` environment variable or provide an appropriate flag. 

The format used in log file is [NSS Key Log Format](https://udn.realityripple.com/docs/Mozilla/Projects/NSS/Key_Log_Format) ([primary](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format) source returns 404).

SSL Key Log generation is supported by the following environments:
- Both Chrome and Firefox support `SSLKEYLOGFILE` environment variable
- Go provides `KeyLogWriter` field in config of crypto/tls package https://pkg.go.dev/crypto/tls#example-Config-KeyLogWriter
- Node.js provides [`--tls-keylog`](https://nodejs.org/api/cli.html#--tls-keylogfile) flag and emits [`keylog`](https://nodejs.org/api/tls.html#event-keylog) event 
- cURL supports the [environment variable](https://everything.curl.dev/usingcurl/tls/sslkeylogfile.html)

Edit: the implementation should be straightforward. Rustls already supports the [environment variable](https://github.com/rustls/rustls/blob/99abca5e4965340cf6d96eaefd64452281376063/examples/src/bin/simpleclient.rs#L26).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support `SSLKEYLOGFILE` environment variable #23989

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support SSLKEYLOGFILE environment variable #23989

Description

Activity