Wiresharking libtls

Joe Nelson joe at begriffs.com
Fri May 8 05:37:43 UTC 2020


Hey June, have you tried decrypting LibreSSL traffic in wireshark? I'm
trying to do it with my irc bouncer, but I can't get it to work. My RSA
private key isn't good enough because my program does a Diffie Hellman
key exchange with Freenode and creates an ephemeral session key.

Programs like Firefox consult an SSLKEYLOGFILE environment variable to
log those keys, but I don't think LibreSSL does. I'm trying to implement
this, but having trouble. If I could just extract the SSL connection
from inside the tls structure (tls->ssl_conn, defined in tls_internal.h)
then I think the following would work, but the internals of the
structure are inaccessible to my program.

Do you know how to extract the master key, or know a way to prevent the
DH key exchange from happening?

bool tls_dump_keylog(struct tls *tls, char *path)
{
	size_t len_key, len_id;
	SSL_SESSION *sess;
	unsigned char key[256];
	const unsigned char *id;
	FILE *fp;

	sess = SSL_get_session(tls->ssl_conn);
	if (!sess)
	{
		fprintf(stderr, "Failed to get SSL session for TLS\n");
		return false;
	}
	len_key = SSL_SESSION_get_master_key(sess, key, sizeof key);
	id      = SSL_SESSION_get_id(sess, &len_id);

	if ((fp = fopen(path, "w")) == NULL)
	{
		fprintf(stderr, "Unable to write keylog to '%s'\n", path);
		return false;
	}
	fputs("RSA Session-ID:", fp);
	_writehex(fp, id, len_id);
	fputs(" Master-Key:", fp);
	_writehex(fp, key, len_key);
	fputs("\n", fp);
	fclose(fp);
	return true;
}


More information about the Friends mailing list