On Sun, Apr 14, 2019 at 8:34 PM Jeremy Harris <[email protected]> wrote: > > On 14/04/2019 15:05, Nikos Mavrogiannopoulos wrote: > > There is no master secret under TLS1.3, the secrets are derived quite > > differently. What we probably missed is to mark this function as > > TLS1.2 or earlier only. > > That makes sense; thanks. > > Is there some way of getting at sufficient information for a TLS1.3 > connection for wireshark to use it as decoding keys? > (From OpenSSL I'm extracting > SERVER_HANDSHAKE_TRAFFIC_SECRET > EXPORTER_SECRET > SERVER_TRAFFIC_SECRET_0 > CLIENT_HANDSHAKE_TRAFFIC_SECRET > CLIENT_TRAFFIC_SECRET_0 > which seem to be enough).
Use the SSLKEYLOGFILE environment variable. It will create the necessary keys in the file of your choice which you can use a key file in wireshark. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
