[gnutls-help] gnutls_session_get_master_secret
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Apr 15 08:29:03 CEST 2019
On Sun, Apr 14, 2019 at 8:34 PM Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 14/04/2019 15:05, Nikos Mavrogiannopoulos wrote:
> > There is no master secret under TLS1.3, the secrets are derived quite
> > differently. What we probably missed is to mark this function as
> > TLS1.2 or earlier only.
>
> That makes sense; thanks.
>
> Is there some way of getting at sufficient information for a TLS1.3
> connection for wireshark to use it as decoding keys?
> (From OpenSSL I'm extracting
> SERVER_HANDSHAKE_TRAFFIC_SECRET
> EXPORTER_SECRET
> SERVER_TRAFFIC_SECRET_0
> CLIENT_HANDSHAKE_TRAFFIC_SECRET
> CLIENT_TRAFFIC_SECRET_0
> which seem to be enough).
Use the SSLKEYLOGFILE environment variable. It will create the
necessary keys in the file of your choice which you can use as a key file
in wireshark.
regards,
Nikos