Topic: Creating an NSS Key Log File

Hi,

I am using WolfSSL and I want to create a key log file as specified here: https://developer.mozilla.org/en-US/doc … Log_Format. On OpenSSL this is fairly easy, as I can use SSL_CTX_set_keylog_callback to set a callback function, which receives all keys that are being created. Is there a similarly easy way to achieve this in WolfSSL?

Best regards
he1n


Re: Creating an NSS Key Log File

Hi he1n,

Yes. See `WOLFSSL_SSLKEYLOGFILE` define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using `WOLFSSL_SSLKEYLOGFILE_OUTPUT`.

1. Build wolfSSL using:
`./configure CFLAGS="-DSHOW_SECRETS -DWOLFSSL_SSLKEYLOGFILE"`

2. By default it outputs to a file named "sslkeylog.log" using this Wireshark Pre-Master-Secret Format:
`CLIENT_RANDOM <clientrandom> <mastersecret>`

3. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.

Key logging feature was added in PR 1873 (https://github.com/wolfSSL/wolfssl/pull/1873)
Commit: https://github.com/wolfSSL/wolfssl/pull … dd532b587b

You will get a compiler warning for this feature because it should never be used in production. Here is the PR with those details:
https://github.com/wolfSSL/wolfssl/pull/2053

The #warning can be ignored as error using `./configure CFLAGS="-W#warnings"`.

Thanks,
David Garske, wolfSSL
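
An added example, not from the thread or from wolfSSL's code: a strict C parser for the `CLIENT_RANDOM <clientrandom> <mastersecret>` line format from step 2, plus a lookup by client random, which is how a decryption tool matches a captured handshake to its logged secret. It assumes the TLS 1.2 sizes (32-byte client random, 48-byte master secret, both hex-encoded); the function names and the sample log are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { RANDOM_LEN = 32, MASTER_LEN = 48 };  /* bytes; hex-encoded in the file */
/* Constructed sample log (not real key material): a comment line plus one entry. */
#define H16 "000102030405060708090a0b0c0d0e0f"   /* 16 bytes as 32 hex chars */
static const char SAMPLE_LOG[] = "# constructed sample\n"
    "CLIENT_RANDOM " H16 H16 " " H16 H16 H16 "\n";

/* Decode n bytes from 2*n hex chars; -1 on any non-hex char, including NUL. */
static int hex_decode(const char *s, uint8_t *out, size_t n)
{
    for (size_t i = 0; i < 2 * n; i++) {
        int c = s[i], v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if ((c |= 0x20) >= 'a' && c <= 'f') v = c - 'a' + 10;
        else return -1;
        out[i / 2] = (uint8_t)(i % 2 ? out[i / 2] | v : v << 4);
    }
    return 0;
}

/* Parse one "CLIENT_RANDOM <random> <master>" line; 0 on success, -1 if malformed. */
int keylog_parse_line(const char *line, uint8_t *random, uint8_t *master)
{
    static const char label[] = "CLIENT_RANDOM ";
    size_t off = sizeof label - 1;
    if (strncmp(line, label, off) || hex_decode(line + off, random, RANDOM_LEN))
        return -1;
    off += 2 * RANDOM_LEN;
    if (line[off] != ' ' || hex_decode(line + off + 1, master, MASTER_LEN))
        return -1;
    off += 1 + 2 * MASTER_LEN;
    return (line[off] == '\0' || line[off] == '\n' || line[off] == '\r') ? 0 : -1;
}

/* Find the master secret logged for `want`; 1 if found, 0 if not. Bad lines are skipped. */
int keylog_lookup(const char *log, const uint8_t *want, uint8_t *master)
{
    uint8_t random[RANDOM_LEN], secret[MASTER_LEN];
    for (const char *p = log; p && *p; p = strchr(p, '\n')) {
        if (*p == '\n') p++;                  /* step past the previous line's newline */
        if (!keylog_parse_line(p, random, secret) && !memcmp(random, want, RANDOM_LEN)) {
            memcpy(master, secret, MASTER_LEN);
            return 1;
        }
    }
    return 0;
}
```

Call `keylog_lookup(SAMPLE_LOG, client_random, master)` with the 32-byte random taken from the ClientHello; a return of 0 means no entry for that session was logged.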
