[gnutls-help] gnutls_session_get_master_secret

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Apr 15 08:29:03 CEST 2019


On Sun, Apr 14, 2019 at 8:34 PM Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 14/04/2019 15:05, Nikos Mavrogiannopoulos wrote:
> > There is no master secret under TLS1.3, the secrets are derived quite
> > differently. What we probably missed is to mark this function as
> > TLS1.2 or earlier only.
>
> That makes sense; thanks.
>
> Is there some way of getting at sufficient information for a TLS1.3
> connection for wireshark to use it as decoding keys?
> (From OpenSSL I'm extracting
>  SERVER_HANDSHAKE_TRAFFIC_SECRET
>  EXPORTER_SECRET
>  SERVER_TRAFFIC_SECRET_0
>  CLIENT_HANDSHAKE_TRAFFIC_SECRET
>  CLIENT_TRAFFIC_SECRET_0
> which seem to be enough).

Use the SSLKEYLOGFILE environment variable. It will create the
necessary keys in the file of your choice which you can use as a key
file in wireshark.

regards,
Nikos
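
An added example, not part of the original thread and not GnuTLS code: a checker for the file written via SSLKEYLOGFILE that groups entries by client random and reports whether the TLS 1.3 traffic-secret labels quoted above are all present. It assumes the NSS key log layout `LABEL <client_random hex> <secret hex>`; the function names and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# Labels quoted in the thread that carry TLS 1.3 record-protection secrets.
# EXPORTER_SECRET is logged too but does not protect records, so it is not required here.
TLS13_TRAFFIC = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# Assumed line layout: label, 32-byte client random in hex, secret in hex.
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return ({client_random: set_of_labels}, [line numbers that did not parse])."""
    sessions, bad = defaultdict(set), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        if m:
            sessions[m.group(2).lower()].add(m.group(1))
        else:
            bad.append(n)  # truncated or corrupted entry
    return dict(sessions), bad

def classify(labels):
    """Say which kind of key material one session's labels provide."""
    if "CLIENT_RANDOM" in labels:
        return "tls1.2-master-secret"  # TLS 1.2 or earlier entry
    missing = TLS13_TRAFFIC - labels
    if not missing:
        return "tls1.3-complete"
    return "tls1.3-missing:" + ",".join(sorted(missing))

# Constructed sample, not real key material.
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join(
    ["# constructed sample"]
    + [f"{label} {R1} {'aa' * 32}" for label in sorted(TLS13_TRAFFIC)]
    + [f"EXPORTER_SECRET {R1} {'bb' * 32}",
       f"CLIENT_RANDOM {R2} {'cc' * 48}",
       f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R3} {'dd' * 32}",
       f"CLIENT_TRAFFIC_SECRET_0 {R3[:20]}"]  # entry cut off mid-write
)

if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    for rnd, labels in sessions.items():
        print(rnd[:16], classify(labels))
    print("unparsed lines:", bad)
```

A session reported as incomplete is one whose capture will not fully decode with that key file.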


