Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for outputting an NSS key log file #248

Open
rlebeau opened this issue Feb 18, 2019 · 0 comments
Open

Add support for outputting an NSS key log file #248

rlebeau opened this issue Feb 18, 2019 · 0 comments
Labels
Element: I/O Handlers Issues related to TIdIOHandler and descendants Element: SSL/TLS Issues related to SSL/TLS handling, TIdSSLIOHandlerSocketBase and descendants Status: Deferred Issue to be re-reviewed in a future release Type: Enhancement Issue is proposing a new feature/enhancement
Milestone
Indy 12

Comments

@rlebeau
Copy link
Member

rlebeau commented Feb 18, 2019

From https://www.atozed.com/forums/showthread.php?tid=855&pid=2489#pid2489:

In conjunction with this, i have a feature request: Since it is very hard to dive into the deep of TLS processing (for non Remy's ^^), it would be very nice to have a easy-to-use way to write standard NSS files. My TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx handler (linked in the first post in this thread) is working but a little bit freaky. OnStatusInfoEx isn't the right place to do this because it is fired too often (performance issues)

For example, a TIdSSLIOHandlerSocketOpenSSL.NSSFilePath string property and a TIdSSLIOHandlerSocketOpenSSL.NSSWriteEnabled boolean property.

See https://developer.mozilla.org/en-US/docs...Log_Format for details. Wireshark supports these files for TLS/SSL decryption. It is important to open this file (stream) for shared read-write, because Wireshark can't open it if another program has it open exclusively.

Alternatively, an event handler which is fired once after TLS/SSL connection is finally established, with all neccessary infos (secrets... ) to write a NSS file.

For clarification: I want this only for debugging purposes in the lab. Firefox and Chrome have such a thing, enabled via some developer options.

Thanks!

Also see:

https://stackoverflow.com/questions/36240279/

https://security.stackexchange.com/questions/80158/
@rlebeau rlebeau added Type: Enhancement Issue is proposing a new feature/enhancement Element: SSL/TLS Issues related to SSL/TLS handling, TIdSSLIOHandlerSocketBase and descendants Element: I/O Handlers Issues related to TIdIOHandler and descendants labels Feb 18, 2019
@rlebeau rlebeau added this to the Indy 12 milestone Feb 18, 2019
@mezen mezen mentioned this issue Apr 29, 2020
Open
@rlebeau rlebeau added the Status: Deferred Issue to be re-reviewed in a future release label Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Element: I/O Handlers Issues related to TIdIOHandler and descendants Element: SSL/TLS Issues related to SSL/TLS handling, TIdSSLIOHandlerSocketBase and descendants Status: Deferred Issue to be re-reviewed in a future release Type: Enhancement Issue is proposing a new feature/enhancement
Projects
None yet
Milestone
Indy 12
Development

No branches or pull requests
1 participant
@rlebeau