Add optional SSL key logging? #528

Keno · 2020-04-15T06:06:54Z

In order to debug when things go wrong, it would be useful to be able to analyze the traffic in Wireshark. Of course, in general this traffic will be encrypted. However, Wireshark supports reading in the encryption key and decrypting the traffic: https://wiki.wireshark.org/TLS. It would be great if HTTP.jl could optionally write out those keys so we can look at the traffic in wirewhark.

Keno · 2020-04-15T06:15:20Z

Ah, I see MbedTLS already has secrets_log_file. Let me try that.

Keno · 2020-04-15T16:32:10Z

For my own future use, this worked fine:

@@ -652,8 +654,8 @@ function global_sslconfig(require_ssl_verification::Bool)::SSLConfig
     global default_sslconfig
     global noverify_sslconfig
     if default_sslconfig === nothing
-        default_sslconfig = SSLConfig(true)
-        noverify_sslconfig = SSLConfig(false)
+        default_sslconfig = SSLConfig(true; log_secrets="/home/keno/secrets.log")
+        noverify_sslconfig = SSLConfig(false; log_secrets="/home/keno/secrets.log")
     end
     return require_ssl_verification ? default_sslconfig : noverify_sslconfig
 end

Keno mentioned this issue Apr 15, 2020

HTTPS GET requests to S3 hang forever when doing a lot of them #517

Closed

Keno closed this as completed Apr 15, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add optional SSL key logging? #528

Add optional SSL key logging? #528

Keno commented Apr 15, 2020

Keno commented Apr 15, 2020

Keno commented Apr 15, 2020

Add optional SSL key logging? #528

Add optional SSL key logging? #528

Comments

Keno commented Apr 15, 2020

Keno commented Apr 15, 2020

Keno commented Apr 15, 2020