Retrieving QUIC secrets

[Ultraxime]

Hello,

I'm doing some experience on Masquerade and wanted to analyze the traffic using Wireshark To do so, I need QUIC secrets to allow Wireshark to decipher the QUIC packet. I tried using the environment variable SSLKEYLOGFILE but it didn't get populated. Would you happen to have any idea how to do it?

Thanks

[jromwu]

Hi,

Sorry about the really late reply.

My implementation is using the certificate and private key in example_cert for the server, which you could import into Wireshark and let Wireshark derive the session key and decrypt the packet. This should theoretically work but I didn't successfully decrpyt QUIC packets using Wireshark.

[randomstuff]

QUIC uses TLS1.3 which (mostly) only supports forward secrecy so it is expected that you would not be able to passively decrypt the communications with the server private key.

This demonstrates how to add support for SSLKEYLOGFILE which appears to be straightforward to port: https://github.com/cloudflare/quiche/blob/d312a4fb03d12d7aaaf25fa10962c6d4ad44293c/apps/src/client.rs#L191