krizhanovsky
commented
1 month ago This could be not so easy to design. TLS handshakes happen in softirq, so we can not do any filesystem related operations there. Probably, we can use some virtual filesystem interfaces like /proc or store the keys in a shared memory and later on "some" event dump them.
In some cases, we need to decrypt TLS traffic and we don't have access to temporary client keys. So we should add directive for saving temporary server keys because TempestaFW uses PFS and we cannot decrypt traffic without them.
Documentation
Please, add info to Development-guidelines page.