neykov / extract-tls-secrets

Decrypt HTTPS/TLS connections on the fly with Wireshark
Apache License 2.0
400 stars 71 forks

Master Secret with TLS1.3 not logged #25

Open sanjerai opened 2 weeks ago

sanjerai commented 2 weeks ago

Hi

I am using your utility with my spring+jetty client and spring+netty server POC code.

My observations:

My query is: won't there be a master secret with TLS 1.3 traffic as well?

Client log TLS 1.2

2024-11-12 11:42:11.364+05:30 Peer: localhost:8444, CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Protocol: TLSv1.2 RSA Session-ID:8D7B35B27CE35DFF23117F980AAC336FF219F610286AC8D49059CC1E69E3BF54 Master-Key:4891A75838AA3560653B0CE6151CD47B1BC9C62A404FDA4DE242E84690F693674F5F3EF370E6E63364A37DB8F552CF75

Server log TLS 1.2

2024-11-12 11:42:11.387+05:30 CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Protocol: TLSv1.2 RSA Session-ID:8D7B35B27CE35DFF23117F980AAC336FF219F610286AC8D49059CC1E69E3BF54 Master-Key:4891A75838AA3560653B0CE6151CD47B1BC9C62A404FDA4DE242E84690F693674F5F3EF370E6E63364A37DB8F552CF75

TLS 1.3 log

2024-11-12 12:05:22.053+05:30 Peer: localhost:8444, CipherSuite: TLS_AES_128_GCM_SHA256, Protocol: TLSv1.3 SERVER_HANDSHAKE_TRAFFIC_SECRET 0987B03B500B8B6A4E4FF7923A31A5C336DFBA8B86DB9C756FE2E4F77E11C821 6C2675138FBF21127EF06B7624E3D3B3FAF8B13F2857D4B6537129A1BAF50E0D
2024-11-12 12:05:22.056+05:30 Peer: localhost:8444, CipherSuite: TLS_AES_128_GCM_SHA256, Protocol: TLSv1.3 CLIENT_HANDSHAKE_TRAFFIC_SECRET 0987B03B500B8B6A4E4FF7923A31A5C336DFBA8B86DB9C756FE2E4F77E11C821 C2408BF1503A9C84E29F3F5E0DE2B0895E571E8499CF40335990B1A439C32BAA
2024-11-12 12:05:22.068+05:30 Peer: localhost:8444, CipherSuite: TLS_AES_128_GCM_SHA256, Protocol: TLSv1.3 SERVER_TRAFFIC_SECRET_0 0987B03B500B8B6A4E4FF7923A31A5C336DFBA8B86DB9C756FE2E4F77E11C821 8F68376B63D02214DA1D84EC8E9A82039FB3F2B801DD3AB4830C17F39B875772
2024-11-12 12:05:22.071+05:30 Peer: localhost:8444, CipherSuite: TLS_AES_128_GCM_SHA256, Protocol: TLSv1.3 CLIENT_TRAFFIC_SECRET_0 0987B03B500B8B6A4E4FF7923A31A5C336DFBA8B86DB9C756FE2E4F77E11C821 7420CF980438FB6ABA0734DA0826AAEB1984094234C19AFC7F892220F39FEA7F


neykov commented 2 weeks ago

Hi @sanjerai. As you can see from the SSLKEYLOGFILE format and its section on TLS 1.3, this is the expected behaviour.
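
Added example (not code from the extract-tls-secrets project or from either participant): a small Python filter that pulls the key log entries out of log lines in the shape posted above, emits them as NSS key log (SSLKEYLOGFILE) lines Wireshark accepts, and checks each TLS 1.3 session for the four traffic secrets Wireshark needs, since a TLS 1.3 session has no single master secret to look for. The timestamp/Peer/CipherSuite prefix and all hex values are constructed for the example, and the tool's real output may differ. It also handles the CLIENT_RANDOM form of a TLS 1.2 entry, which the thread does not show.

```python
"""Convert extract-tls-secrets style log lines into NSS key log lines and
check TLS 1.3 sessions for completeness.  Added example; the log-line
layout mirrors the issue report and every hex value is constructed."""
import re
from collections import defaultdict

# TLS 1.3 labels defined by the NSS key log format.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# Without all four, Wireshark cannot decrypt both the encrypted handshake
# and the application data of a TLS 1.3 session.
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
# A TLS 1.3 traffic secret is one hash output long; the suite fixes the hash.
SUITE_HASH_LEN = {
    "TLS_AES_128_GCM_SHA256": 32, "TLS_CHACHA20_POLY1305_SHA256": 32,
    "TLS_AES_128_CCM_SHA256": 32, "TLS_AES_128_CCM_8_SHA256": 32,
    "TLS_AES_256_GCM_SHA384": 48,
}

HEX = r"[0-9A-Fa-f]+"
SUITE_RE = re.compile(r"CipherSuite:\s*(\S+?),")
# TLS 1.2, legacy form: session ID plus 48-byte master secret.
RSA_RE = re.compile(rf"RSA Session-ID:({HEX}) Master-Key:({HEX})")
# TLS 1.2, current form: 32-byte client random plus 48-byte master secret.
CLIENT_RANDOM_RE = re.compile(rf"\bCLIENT_RANDOM\s+({HEX})\s+({HEX})")
# TLS 1.3: label, 32-byte client random, one traffic secret.
TLS13_RE = re.compile(rf"\b([A-Z][A-Z0-9_]*_SECRET(?:_\d+)?)\s+({HEX})\s+({HEX})")


def _expect_bytes(name, value, n):
    if len(value) != 2 * n:
        raise ValueError(f"{name}: expected {n} bytes, got {len(value) // 2}")


def to_keylog_line(log_line):
    """NSS key log line carried by one log line; None if the line has no
    secret; ValueError if the entry is malformed."""
    m = RSA_RE.search(log_line)
    if m:
        session_id, master = m.groups()
        if len(session_id) > 64:            # session IDs are at most 32 bytes
            raise ValueError("Session-ID longer than 32 bytes")
        _expect_bytes("Master-Key", master, 48)
        return f"RSA Session-ID:{session_id} Master-Key:{master}"
    m = CLIENT_RANDOM_RE.search(log_line)
    if m:
        client_random, master = m.groups()
        _expect_bytes("client_random", client_random, 32)
        _expect_bytes("master secret", master, 48)
        return f"CLIENT_RANDOM {client_random} {master}"
    m = TLS13_RE.search(log_line)
    if m:
        label, client_random, secret = m.groups()
        if label not in TLS13_LABELS:
            raise ValueError(f"unknown TLS 1.3 label {label}")
        _expect_bytes("client_random", client_random, 32)
        suite = SUITE_RE.search(log_line)
        if suite and suite.group(1) in SUITE_HASH_LEN:
            _expect_bytes(label, secret, SUITE_HASH_LEN[suite.group(1)])
        return f"{label} {client_random} {secret}"
    return None


def is_valid_entry(log_line):
    """True when the line carries a well-formed key log entry."""
    try:
        return to_keylog_line(log_line) is not None
    except ValueError:
        return False


def convert(log_lines):
    """Return (keylog_lines, sessions); sessions maps each TLS 1.3 client
    random to the set of labels seen for it."""
    keylog, seen = [], defaultdict(set)
    for line in log_lines:
        entry = to_keylog_line(line)
        if entry is None:
            continue
        keylog.append(entry)
        label, *rest = entry.split()
        if label in TLS13_LABELS:
            seen[rest[0]].add(label)
    return keylog, dict(seen)


def missing_tls13_labels(sessions):
    """Client randoms whose required TLS 1.3 secrets are not all present."""
    return {cr: TLS13_REQUIRED - labels
            for cr, labels in sessions.items() if not TLS13_REQUIRED <= labels}


# Constructed sample log lines in the shape posted in this issue (synthetic hex).
CR = "11" * 32
P13 = "2024-11-12 12:05:22 Peer: localhost:8444, CipherSuite: TLS_AES_128_GCM_SHA256, Protocol: TLSv1.3 "
SAMPLE_LOG = [
    "2024-11-12 11:42:11 Peer: localhost:8444, CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "
    "Protocol: TLSv1.2 RSA Session-ID:" + "aa" * 32 + " Master-Key:" + "bb" * 48,
    P13 + "SERVER_HANDSHAKE_TRAFFIC_SECRET " + CR + " " + "c1" * 32,
    P13 + "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + CR + " " + "c2" * 32,
    P13 + "SERVER_TRAFFIC_SECRET_0 " + CR + " " + "c3" * 32,
    # CLIENT_TRAFFIC_SECRET_0 deliberately left out so the completeness check fires.
    "2024-11-12 12:05:22 Peer: localhost:8444, no secret on this line",
]

if __name__ == "__main__":
    lines, sessions = convert(SAMPLE_LOG)
    print("\n".join(lines))                  # write these to the SSLKEYLOGFILE
    print("incomplete TLS 1.3 sessions:", missing_tls13_labels(sessions))
```

The TLS 1.2 entry is already in the legacy `RSA Session-ID:... Master-Key:...` form Wireshark understands, so it passes through unchanged; the TLS 1.3 entries are keyed by the client random rather than by a session ID, which is how Wireshark matches them to a capture. If a session shows up in `missing_tls13_labels`, the capture for that session will decrypt only partially, so run the check before assuming the agent dropped something.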

sanjerai commented 1 week ago

@neykov any idea why peer details are not logged if the app is attached on the server side?

neykov commented 1 week ago

any idea why peer details are not logged if app is attached at server side

I've observed the same behaviour, but haven't investigated further.

@makamuy do you have any more details?