From b0cf62b3a05cf1b207441de2ce3d33a3a57acd5f Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Mon, 21 Oct 2019 14:27:50 -0700 Subject: [PATCH] https: add client support for TLS keylog events The keylog event is implemented on TLS sockets, but client HTTPS uses TLS sockets managed by an agent, so accessing the underlying socket before the TLS handshake completed was not possible. Note that server HTTPS already supports the keylog event because it inherits from the TLS server. PR-URL: https://github.com/nodejs/node/pull/30053 Reviewed-By: Anna Henningsen Reviewed-By: Luigi Pinca Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig Reviewed-By: James M Snell --- doc/api/https.md | 25 ++++++++++++++ lib/_http_agent.js | 24 +++++++++++++ test/parallel/test-https-agent-keylog.js | 44 ++++++++++++++++++++++++ test/parallel/test-tls-keylog-tlsv13.js | 10 ++++-- 4 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 test/parallel/test-https-agent-keylog.js diff --git a/doc/api/https.md b/doc/api/https.md index 0d8f859e9c7..6f0d481ffb8 100644 --- a/doc/api/https.md +++ b/doc/api/https.md @@ -45,6 +45,31 @@ changes: See [`Session Resumption`][] for information about TLS session reuse. +#### Event: 'keylog' + + +* `line` {Buffer} Line of ASCII text, in NSS `SSLKEYLOGFILE` format. +* `tlsSocket` {tls.TLSSocket} The `tls.TLSSocket` instance on which it was + generated. + +The `keylog` event is emitted when key material is generated or received by a +connection managed by this agent (typically before handshake has completed, but +not necessarily). This keying material can be stored for debugging, as it +allows captured TLS traffic to be decrypted. It may be emitted multiple times +for each socket. + +A typical use case is to append received lines to a common text file, which is +later used by software (such as Wireshark) to decrypt the traffic: + +```js +// ... +https.globalAgent.on('keylog', (line, tlsSocket) => { + fs.appendFileSync('/tmp/ssl-keys.log', line, { mode: 0o600 }); +}); +``` + ## Class: https.Server