https://bz.apache.org/bugzilla/show_bug.cgi?id=63391
Bug ID: 63391
Summary: Provide ability to log key material for session decryption
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
GnuTLS and NSS provide native support for SSLKEYLOGFILE[1,2], allowing seamless
support for logging keys necessary to decrypt the TLS session for debugging.
Unfortunately OpenSSL developers decided to expose it using an API[3], not
through an environment variable. Given that using RSA key exchange and using
the server private key to decrypt a session is no longer possible in TLS 1.3, I'd
like to ask for support of SSLKEYLOGFILE in mod_ssl too.
Using that environment variable name does look like it is becoming a standard:
curl[4] does implement it like that.
1 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
2 - https://gnutls.org/manual/html_node/Debugging-and-auditing.html
3 - https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_keylog_callback.html
4 - https://daniel.haxx.se/blog/2018/01/15/inspect-curls-tls-traffic/
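
An added example, not part of the bug report or of httpd: a checker for a file in the key log format referenced in [1], reporting per client random whether the logged secrets cover a TLS 1.2 or a TLS 1.3 session. The function names, the "needed" label set and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format. The legacy "RSA" label is not handled.
TLS12 = {"CLIENT_RANDOM"}  # value: 48-byte master secret
TLS13_NEEDED = {  # assumption: "complete" = handshake + application data, both directions
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OTHER = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
LINE = re.compile(r"([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)")


def parse_keylog(text):
    """Return ({client_random_hex: {label: secret}}, [(line_no, reason)])."""
    sessions, errors = defaultdict(dict), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        m = LINE.fullmatch(line)
        if not m:
            errors.append((n, "malformed line"))
            continue
        label, rnd, secret = m.group(1), m.group(2).lower(), bytes.fromhex(m.group(3))
        if label not in TLS12 | TLS13_NEEDED | TLS13_OTHER:
            errors.append((n, "unknown label " + label))
        elif label == "CLIENT_RANDOM" and len(secret) != 48:
            errors.append((n, "master secret must be 48 bytes"))
        else:
            sessions[rnd][label] = secret
    return dict(sessions), errors


def coverage(labels):
    """Say which protocol generation a session's logged labels can decrypt."""
    if "CLIENT_RANDOM" in labels:
        return "tls1.2"
    missing = sorted(TLS13_NEEDED - set(labels))
    return "tls1.3" if not missing else "incomplete: missing " + ", ".join(missing)


# Constructed sample, not real key material.
SAMPLE = "\n".join(
    ["# constructed sample", "CLIENT_RANDOM " + "11" * 32 + " " + "ab" * 48]
    + [f"{label} {'22' * 32} {'01' * 32}" for label in sorted(TLS13_NEEDED)]
    + ["SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "05" * 32,
       "CLIENT_RANDOM " + "44" * 32 + " " + "ab" * 16]
)
```

Each line in such a file is enough to decrypt the matching session, so the file needs the same access restrictions as a private key.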