If you define a system environment variable named SSLKEYLOGFILE with the value of a file to be created somewhere, then a couple of internet browsers (e.g. Firefox, Chrome, ...) fill this file with TLS secrets that can be used by Wireshark to decrypt captured SSL traffic into readable HTTP traffic. The file's format is explained by Mozilla and looks pretty easy. It would be great if Synapse could be enabled to write SSL secrets into it, too.
Why would this be a benefit? The traffic from internet browsers can almost be analyzed by their own tools, but Wireshark has more details. But when developing your own program it's difficult to see everything at once (request, response, headers, method, ...) to make sure everything acts as intended. And Wireshark can only capture SSL/TLS without being able to decrypt it. That's why support for exporting the secret keys into that file would be great.
My core request is: at which places could those secrets be exported? As far as I understand it, only CLIENT_RANDOM needs to be realized, given that only TLS up to 1.2 is supported.
TLS1.3 is supported too, see the ssl_openssl11 plugin.
This is as a reminder for myself: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html
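As an added illustration (not Synapse's or OpenSSL's own code) of the two export paths discussed above: building a CLIENT_RANDOM line yourself for TLS up to 1.2, and the callback shape for the linked OpenSSL 1.1.1 API, which covers TLS 1.3 as well. The function names, the constructed test values and the buffer sizes are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* NSS key log format read by Wireshark, one line per secret:
 *   <LABEL> <32-byte client random as hex> <secret as hex>\n
 * TLS <= 1.2: LABEL CLIENT_RANDOM, secret = 48-byte master secret.
 * TLS 1.3: one line per traffic secret, e.g. CLIENT_TRAFFIC_SECRET_0. */
#define KEYLOG_RANDOM_LEN 32
static void hex_encode(const unsigned char *in, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
}

/* Builds one log line; returns its length, or -1 on bad input or no room.
 * For TLS <= 1.2 both inputs exist once the handshake has finished
 * (OpenSSL: SSL_get_client_random, SSL_SESSION_get_master_key). */
int keylog_format_line(const char *label, const unsigned char *client_random,
                       size_t random_len, const unsigned char *secret,
                       size_t secret_len, char *out, size_t out_len)
{
    if (!label || random_len != KEYLOG_RANDOM_LEN || secret_len == 0 ||
        out_len < strlen(label) + 2 * random_len + 2 * secret_len + 4)
        return -1;
    char *p = out + sprintf(out, "%s ", label);
    hex_encode(client_random, random_len, p);  p += 2 * random_len;
    *p++ = ' ';
    hex_encode(secret, secret_len, p);         p += 2 * secret_len;
    *p++ = '\n';
    *p = '\0';
    return (int)(p - out);
}

/* Shape of the OpenSSL 1.1.1 callback for SSL_CTX_set_keylog_callback (the
 * link above): OpenSSL hands over the line already formatted, no newline,
 * for TLS 1.2 and 1.3 alike. As the browsers do, log only when
 * SSLKEYLOGFILE is set and append. Typedef mirrors OpenSSL's own header. */
typedef struct ssl_st SSL;
void keylog_callback(const SSL *ssl, const char *line)
{
    (void)ssl;
    const char *path = getenv("SSLKEYLOGFILE");
    FILE *f = (path && *path) ? fopen(path, "a") : NULL;
    if (f) { fprintf(f, "%s\n", line); fclose(f); }
}
```

With the OpenSSL headers available, `SSL_CTX_set_keylog_callback(ctx, keylog_callback)` registers the callback; the formatter is the fallback for a build that only has the client random and master secret at hand.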