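global
  # haproxy.lua registers the "ssl-log-key" Lua action used in the frontend
  # below. That action writes each TLS session's id and master key to the
  # HAProxy log, so whatever log target is configured must be treated as
  # holding secrets (anyone who can read it can decrypt the captured session).
  lua-load haproxy.lua

frontend X
  # Cache the session id at session setup so the Lua action can tell whether
  # it has already logged this session; only evaluated for TLS connections.
  tcp-request session set-var(sess.ssl_session_id) ssl_fc_session_id,hex if { ssl_fc }
  # Emit "RSA Session-ID:<id> Master-Key:<key>" lines in Wireshark's
  # tls.keylog_file format.
  tcp-request content lua.ssl-log-key if { ssl_fc }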
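--- Log a TLS connection's session id and master key in the
-- "RSA Session-ID:<id> Master-Key:<key>" format accepted by Wireshark's
-- tls.keylog_file, so a capture of that session can be decrypted.
-- Registered for both the "tcp-req" and "http-req" rule sets. The last
-- logged values are cached in session-scoped variables so a session is
-- logged once, and again only if the fetched id or key differs from the
-- cached value.
-- NOTE(review): the emitted line contains the session's master secret;
-- the configured log destination must be treated as sensitive.
core.register_action("ssl-log-key", { "tcp-req", "http-req" }, function(txn)
  local dolog = false

  -- Session id: prefer the live fetch; fall back to the value cached in the
  -- session variable (set here or by a tcp-request session set-var rule).
  -- assumes the hex converter yields nil when the fetch returns nil — TODO confirm
  local ssl_session_id = txn.sc:hex(txn.sf:ssl_fc_session_id())
  local ssl_session_id_var = txn:get_var("sess.ssl_session_id")
  if ssl_session_id then
    if not ssl_session_id_var or ssl_session_id ~= ssl_session_id_var then
      dolog = true
      txn:set_var("sess.ssl_session_id", ssl_session_id)
    end
  elseif ssl_session_id_var then
    ssl_session_id = ssl_session_id_var
  end

  -- Master key: same handling as the session id.
  local ssl_session_key = txn.sc:hex(txn.sf:ssl_fc_session_key())
  local ssl_session_key_var = txn:get_var("sess.ssl_session_key")
  if ssl_session_key then
    if not ssl_session_key_var or ssl_session_key ~= ssl_session_key_var then
      dolog = true
      txn:set_var("sess.ssl_session_key", ssl_session_key)
    end
  elseif ssl_session_key_var then
    -- Use the cached key when the live fetch is unavailable (this must land
    -- in ssl_session_key, not ssl_session_id, or the key stays nil below).
    ssl_session_key = ssl_session_key_var
  end

  -- Both fields are required by the keylog format; skip the line rather
  -- than raise a Lua error on nil concatenation when either is missing.
  if dolog and ssl_session_id and ssl_session_key then
    local src = txn.sf:src() .. ":" .. txn.sf:src_port()
    local dst = txn.sf:dst() .. ":" .. txn.sf:dst_port()
    -- The formats supported by wireshark can be found here:
    -- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209
    txn:log(core.debug, "SSL " .. src .. "/" .. dst .. " RSA Session-ID:" .. ssl_session_id .. " Master-Key:" .. ssl_session_key)
  end
end)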
Here is the whole link in the comment: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209
edit: that hostname no longer resolves, but here is the code on GitLab https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-tls-utils.c — that commit doesn't exist there and the line number doesn't line up anymore. If anyone can find the right line number please post back, thanks!
I couldn't find the original commit or line number, but in case it helps, I did find that modern Wireshark shows a hint when you hover the mouse over the secret keys log filename field:

Transcription:
The name of a file which contains a list of (pre-)master secrets in one of the following formats:
RSA <EPMS> <PMS>
RSA Session-ID:<SSLID> Master-Key:<MS>
CLIENT_RANDOM <CRAND> <MS>
PMS_CLIENT_RANDOM <CRAND> <PMS>
Where:
<EPMS> = First 8 bytes of the Encrypted PMS
<PMS> = The Pre-Master-Secret (PMS) used to derive the MS
<SSLID> = The SSL Session ID
<MS> = The Master-Secret (MS)
<CRAND> = The Client's random number from the ClientHello message
(All fields are in hex notation)
tls.keylog_file
Unfortunately, the key dumping also only works for me with TLS 1.2, and even when the keys are dumped to the logs Wireshark still doesn't show the cleartext traffic.
I found the answer: it goes out via the global log. https://www.haproxy.com/blog/introduction-to-haproxy-logging