Topic: Creating a NSS Key Log File


I am using WolfSSL and I want to create a key log file like specified here: … Log_Format. On OpenSSL this is fairly easy, as I can use SSL_CTX_set_keylog_callback to set a callback function, which receives all keys that are being created. Is there a similar easy way to archieve this in WolfSSL?

Best regards


Re: Creating a NSS Key Log File

Hi he1n,

Yes. See `WOLFSSL_SSLKEYLOGFILE` define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using `WOLFSSL_SSLKEYLOGFILE_OUTPUT`.

1. Build wolfSSL using:

2. By default it outputs to a file named "sslkeylog.log" using this Wireshark Pre-Master-Secret Format:
CLIENT_RANDOM <clientrandom> <mastersecret>

3. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.

Key logging feature was added in PR 1873 (
Commit: … dd532b587b

You will get a compiler warning for this feature because it should never be used in production. Here is the PR with those details:

The #warning can be ignored as error using ./configure CFLAGS="-W#warnings".

David Garske, wolfSSL