HAProxy configuration:

```
global
    lua-load haproxy.lua

frontend X
    tcp-request session set-var(sess.ssl_session_id) ssl_fc_session_id,hex if { ssl_fc }
    tcp-request content lua.ssl-log-key if { ssl_fc }
```
haproxy.lua:

```lua
-- Log the TLS session ID and master key of each new session in the
-- "RSA Session-ID:<id> Master-Key:<key>" form Wireshark reads from
-- tls.keylog_file. Both values are cached in session variables so a key
-- is logged when it first appears or changes, not on every request.
core.register_action("ssl-log-key", { "tcp-req", "http-req" }, function(txn)
    local dolog = false

    local ssl_session_id = txn.sc:hex(txn.sf:ssl_fc_session_id())
    local ssl_session_id_var = txn:get_var("sess.ssl_session_id")
    if ssl_session_id then
        if not ssl_session_id_var or ssl_session_id ~= ssl_session_id_var then
            dolog = true
            txn:set_var("sess.ssl_session_id", ssl_session_id)
        end
    elseif ssl_session_id_var then
        -- no fresh value on this request: reuse the one cached for the session
        ssl_session_id = ssl_session_id_var
    end

    local ssl_session_key = txn.sc:hex(txn.sf:ssl_fc_session_key())
    local ssl_session_key_var = txn:get_var("sess.ssl_session_key")
    if ssl_session_key then
        if not ssl_session_key_var or ssl_session_key ~= ssl_session_key_var then
            dolog = true
            txn:set_var("sess.ssl_session_key", ssl_session_key)
        end
    elseif ssl_session_key_var then
        -- reuse the cached key (not the session ID) when the fetch returns nothing
        ssl_session_key = ssl_session_key_var
    end

    -- only log when both halves are present; concatenating nil would raise a Lua error
    if dolog and ssl_session_id and ssl_session_key then
        local src = txn.sf:src() .. ":" .. txn.sf:src_port()
        local dst = txn.sf:dst() .. ":" .. txn.sf:dst_port()
        -- The formats supported by wireshark can be found here:
        -- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209
        txn:log(core.debug, "SSL " .. src .. "/" .. dst .. " RSA Session-ID:" .. ssl_session_id .. " Master-Key:" .. ssl_session_key)
    end
end)
```
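As an added example (not part of the gist), a Python helper that pulls the `RSA Session-ID:… Master-Key:…` material out of HAProxy log lines written by the action above and emits one line per session in the keylog format Wireshark lists for tls.keylog_file. It assumes the log line keeps the `SSL src/dst` prefix exactly as the Lua action writes it; the log lines and key bytes are constructed, and the length checks follow TLS 1.2 (48-byte master secret, session ID of at most 32 bytes).

```python
import re

# Matches the key material the Lua action above appends to the HAProxy log line.
# A TLS 1.2 session ID is at most 32 bytes (64 hex chars) and the master secret is
# always 48 bytes (96 hex chars), so anything else is a mangled line, not a key.
LINE_RE = re.compile(
    r"SSL (?P<src>\S+)/(?P<dst>\S+) "
    r"RSA Session-ID:(?P<session_id>[0-9A-Fa-f]{2,64}) "
    r"Master-Key:(?P<master_key>[0-9A-Fa-f]{96})"
)

def parse_haproxy_ssl_line(line):
    """Return (src, dst, session_id, master_key) or None if the line carries no key."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m["src"], m["dst"], m["session_id"].lower(), m["master_key"].lower()

def to_keylog_lines(log_lines):
    """One 'RSA Session-ID:... Master-Key:...' line per session, in the format
    Wireshark lists for tls.keylog_file, with repeated log entries dropped."""
    seen, out = set(), []
    for parsed in map(parse_haproxy_ssl_line, log_lines):
        if parsed is not None and parsed[2] not in seen:
            seen.add(parsed[2])
            out.append(f"RSA Session-ID:{parsed[2]} Master-Key:{parsed[3]}")
    return out

# Constructed sample log lines (not real captures): one session logged twice,
# a second session, and a line whose key was truncated (94 hex chars, not 96).
SID_A, KEY_A = "ab" * 32, "01" * 48
SID_B, KEY_B = "cd" * 32, "02" * 48
SAMPLE_LOG = [
    "Jan  1 00:00:01 lb haproxy[123]: SSL 10.0.0.5:51234/10.0.0.1:443 "
    f"RSA Session-ID:{SID_A} Master-Key:{KEY_A}",
    "Jan  1 00:00:02 lb haproxy[123]: SSL 10.0.0.5:51234/10.0.0.1:443 "
    f"RSA Session-ID:{SID_A} Master-Key:{KEY_A}",
    "Jan  1 00:00:03 lb haproxy[123]: SSL 10.0.0.6:40001/10.0.0.1:443 "
    f"RSA Session-ID:{SID_B} Master-Key:{KEY_B}",
    "Jan  1 00:00:04 lb haproxy[123]: SSL 10.0.0.7:40002/10.0.0.1:443 "
    f"RSA Session-ID:{SID_B} Master-Key:{'03' * 47}",
]

if __name__ == "__main__":
    print("\n".join(to_keylog_lines(SAMPLE_LOG)))
```

Redirect the output to a file and point Wireshark's tls.keylog_file at it; the truncated entry is dropped rather than written as a line Wireshark would silently ignore.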
I couldn't find the original commit or line number, but if it may be of help I did find that modern Wireshark has a hint when you hover with the mouse on the secret keys log filename:

Transcription:
The name of a file which contains a list of (pre-)master secrets in one of the following formats:
RSA
RSA Session-ID: Master-Key:
CLIENT_RANDOM
PMS_CLIENT_RANDOM
Where:
= First 8 bytes of the Encrypted PMS
= The Pre-Master-Secret (PMS) used to derive the MS
= The SSL Session ID
= The Master-Secret (MS)
= The Client's random number from the ClientHello message
(All fields are in hex notation)
tls.keylog_file
Unfortunately, the dumping of keys also only works for me with TLS1.2, but even if they are dumped in the logs Wireshark doesn't show the clear text traffic yet.
Here is the whole link in the comment: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209
edit: that hostname DNS is dead now though, here is the code on GitLab https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-tls-utils.c, but that commit doesn't exist and the line number doesn't line up anymore. If anyone can find the right line number please post back, thanks!