0

I see this. Is SSLKEYLOGFILE defined by the specific SSL package used by curl?

$ SSLKEYLOGFILE=sslkey.log curl -s https://httpbin.org > /dev/null
$ cat sslkey.log
CLIENT_RANDOM 73c0277fd99b097691bc1745f14376cf9cca3c75f357ce4d276de9402d17e1b3 1cccf53210ce60caf626c39e55bf988d2666146dd0597437ba3b3feb745f53360683e86e00f77c7f93068f63fc24f551

Or it is a standard of all implementations of SSL. For example, if I set SSLKEYLOGFILE as an environment variable, then call a Java program that uses SSL. Will the SSL key log be captured as well?

user1424739
  • 11,937
  • 17
  • 63
  • 152
  • 3
    It is a defacto and very unofficial standard, and thus support is spotty. Chrome once supported it but I don't think it still does, while Firefox (actually the NSS library) supports it. The openssl library has optional support, and python's ssl module supports it. I don't think Java or .Net support it. You'll have to check each tool/library/ssl client to see if SSLKEYLOGFILE is supported. – President James K. Polk Dec 05 '21 at 23:00
  • 1
    Note `curl` can use [many different SSL/TLS libs](https://curl.se/docs/ssl-compared.html) depending on where and how it is built, and details like this vary depending on which is used – dave_thompson_085 Dec 06 '21 at 01:07

0 Answers0