Re: Log pre-master keys during TLS v1.3 handshake
From | Daniel Gustafsson |
---|---|
Subject | Re: Log pre-master keys during TLS v1.3 handshake |
Date | |
Msg-id | B252E8F6-530D-4310-8320-4C9EE63D242E@yesql.se |
In reply to | Log pre-master keys during TLS v1.3 handshake (Максим Чистяков <gods.like.you@gmail.com>) |
List | pgsql-general |
> On 5 Feb 2024, at 22:38, Максим Чистяков <gods.like.you@gmail.com> wrote:
>
> Is there a way to save the pre-master keys which are encrypted TLS handshake between PostgreSQL server and psql client due to a TLS handshake?
> For example, in a Chrome you can save those keys due to connecting through HTTPS with option --ssl-key-log-file or an environment variable SSLKEYLOGFILE (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkvECAQ&lang=en_US%E2%80%A9).
> I need the similar feature, at least in psql client (ideally, on the postgresql server side too).
>
> Why I need this:
> I'm debugging TLS connection to postgres from a rust application, used postgres-native-tls library. A psql client makes a successful TLS v1.3 connection, but my based on postgres-native-tls client fails with an "error performing TLS handshake" message. I want to dump tcp traffic, and analyze it in the Wireshark, what exactly certificates exchanged between the psql and Postgresql (succeeded TLS session), then between postgres-native-tls and postgres, and then to compare them. Buuut... to view the certificates in Wireshark, you need the TLS pre-master keys to decrypt the Encrypted Extensions packets.

There is no such thing, adding it yourself and debugging your application using a custom build is probably your best option.

--
Daniel Gustafsson
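An added example, not part of the thread or of PostgreSQL's code: once a custom build writes an SSLKEYLOGFILE-style key log, this Rust check reports whether a session's entries include the handshake traffic secrets Wireshark needs to decrypt the TLS 1.3 EncryptedExtensions and Certificate messages. The label names come from the NSS key log format; the function names and the sample data are assumptions made for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// TLS 1.3 key log labels for the secrets that protect the handshake flights.
static HANDSHAKE_LABELS: [&str; 2] = [
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", // client Certificate/Finished
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", // EncryptedExtensions, server Certificate
];

type Sessions = BTreeMap<String, BTreeSet<String>>;

fn is_hex(s: &str) -> bool {
    !s.is_empty() && s.len() % 2 == 0 && s.bytes().all(|b| b.is_ascii_hexdigit())
}

/// Parse key log text into client_random -> labels seen (hypothetical helper).
/// Err carries the 1-based number of the first malformed line.
fn parse_keylog(text: &str) -> Result<Sessions, usize> {
    let mut sessions = Sessions::new();
    for (i, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue; // blank lines and comments are allowed
        }
        // Each entry: <label> <client_random, 32 bytes hex> <secret, hex>
        let f: Vec<&str> = line.split_whitespace().collect();
        if f.len() != 3 || f[1].len() != 64 || !is_hex(f[1]) || !is_hex(f[2]) {
            return Err(i + 1);
        }
        sessions.entry(f[1].to_lowercase()).or_default().insert(f[0].to_string());
    }
    Ok(sessions)
}

/// Handshake secrets still missing for one session (empty = decryptable).
fn missing_handshake_secrets(sessions: &Sessions, client_random: &str) -> Vec<&'static str> {
    let seen = sessions.get(&client_random.to_lowercase());
    HANDSHAKE_LABELS.iter().copied()
        .filter(|l| !seen.map_or(false, |s| s.contains(*l)))
        .collect()
}

fn main() {
    // Constructed sample: one session that logged only an application secret.
    let cr = "ab".repeat(32);
    let log = format!("# constructed sample\nCLIENT_TRAFFIC_SECRET_0 {} {}\n", cr, "cd".repeat(32));
    let sessions = parse_keylog(&log).expect("well-formed key log");
    println!("missing: {:?}", missing_handshake_secrets(&sessions, &cr));
}
```

The client random to pass in is the one shown in the ClientHello of the captured session.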