Is it possible to extract the Wireshark keylog information directly from the TLSv1.3 handshake in a Java app? If so, how do I map the fields, or is additional material not shared in the handshake required?
From the following links, I believe I need
NSS Key Log Format for TLSv1.3 connections https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Such that I can enable wireshark traffic sniffing https://ask.wireshark.org/question/2691/decrypting-tls-traffic-using-rsa-pre-master-secret/
CLIENT_EARLY_TRAFFIC_SECRET is the encryption key for 0-RTT data;
SERVER_HANDSHAKE_TRAFFIC_SECRET is the key used by the server to encrypt the handshake message;
SERVER_TRAFFIC_SECRET_0 is the key for encrypting application data on the server side;
CLIENT_HANDSHAKE_TRAFFIC_SECRET is the key used by the client to encrypt the handshake message;
CLIENT_TRAFFIC_SECRET_0 is the key for encrypting application data on the client side.
No session to resume.
Produced ClientHello handshake message
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "C6 D4 B5 79 08 D9 1D D1 55 94 73 06 09 E0 6B BC C6 BD 71 C2 4F 9C 76 3D C8 46 01 B5 31 6A 93 F9",
"session id" : "34 48 28 7C 64 B3 03 37 86 2A 6B EB 7E 51 62 DC 74 80 1E 57 77 01 B7 C5 D5 0D 5C 94 34 B5 70 96",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.facebook.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"application_layer_protocol_negotiation (16)": {
[h2, http/1.1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: BC 73 6E 4F 12 5E 8E 42 90 32 56 F6 5C 4F 1A 07 .snO.^.B.2V.\O..
...
}
},
]
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
}
]
}
Consuming ServerHello handshake message
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "EB 32 A7 CA 33 A8 57 E5 DE F2 0D 0F 39 C2 AA 95 0A BF A6 26 48 A0 0B 7E 89 90 0B 4C 39 48 D3 C8",
"session id" : "34 48 28 7C 64 B3 03 37 86 2A 6B EB 7E 51 62 DC 74 80 1E 57 77 01 B7 C5 D5 0D 5C 94 34 B5 70 96",
"cipher suite" : "TLS_AES_128_GCM_SHA256(0x1301)",
"compression methods" : "00",
"extensions" : [
"supported_versions (43)": {
"selected version": [TLSv1.3]
},
"key_share (51)": {
"server_share": {
"named group": x25519
"key_exchange": {
0000: 68 42 BE 6F 3B 35 44 8F 9F 0F D3 86 47 8C AB 97 hB.o;5D.....G...
...
}
},
}
]
}
Negotiated protocol version: TLSv1.3
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: supported_versions
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: key_share
Consuming ChangeCipherSpec message
Consuming EncryptedExtensions handshake message
"EncryptedExtensions": [
"application_layer_protocol_negotiation (16)": {
[h2]
}
]
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: application_layer_protocol_negotiation
Consuming server Certificate handshake message
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
{
"certificate" : {
"version" : "v3",
"serial number" : "03 77 ED DC FA F8 BE 34 BA 23 3C 7C 2B 9A 31 7F",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"not before" : "2021-02-10 24:00:00.000 GMT",
"not after" : "2021-05-11 24:59:59.000 BST",
"subject" : "CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US",
"subject public key" : "EC",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
,
accessMethod: caIssuers
accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..
0010: B8 59 72 3B .Yr;
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl3.digicert.com/sha2-ha-server-g6.crl]
, DistributionPoint:
[URIName: http://crl4.digicert.com/sha2-ha-server-g6.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 3A 2F 2F 77 77 77 2E 64 69 67 ..http://www.dig
0010: 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 icert.com/CPS
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.facebook.com
DNSName: *.facebook.net
DNSName: *.fbcdn.net
DNSName: *.fbsbx.com
DNSName: *.m.facebook.com
DNSName: *.messenger.com
DNSName: *.xx.fbcdn.net
DNSName: *.xy.fbcdn.net
DNSName: *.xz.fbcdn.net
DNSName: facebook.com
DNSName: messenger.com
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A1 DE 5B 01 7E 24 95 35 8A 6B D8 F1 A2 D8 DE 6C ..[..$.5.k.....l
0010: F2 7F D0 72 ...r
]
]
}
]}
"extensions": {
<no extension>
}
},
{
"certificate" : {
"version" : "v3",
"serial number" : "04 E1 E7 A4 DC 5C F2 F3 6D C0 2B 42 B8 5D 15 9F",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"not before" : "2013-10-22 13:00:00.000 BST",
"not after" : "2028-10-22 13:00:00.000 BST",
"subject" : "CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
0010: 63 64 2B C3 cd+.
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 51 68 FF 90 AF 02 07 75 3C CC D9 65 64 62 A2 12 Qh.....u<..edb..
0010: B8 59 72 3B .Yr;
]
]
}
]}
"extensions": {
<no extension>
}
},
]
}
Consuming CertificateVerify handshake message
"CertificateVerify": {
"signature algorithm": ecdsa_secp256r1_sha256
"signature": {
0000: 30 44 02 20 54 1B D0 4E 1F 4A 1D 81 14 5D 09 13 0D. T..N.J...]..
...
0040: 80 3D 18 55 09 76 .=.U.v
}
}
Consuming server Finished handshake message
"Finished": {
"verify data": {
0000: 82 87 22 9A 5B 35 71 7C C3 6C F7 09 12 47 76 28 ..".[5q..l...Gv(
...
}'}
Produced client Finished handshake message
"Finished": {
"verify data": {
0000: AC EF AD 9B 52 3C 8A 2B B2 EB 9A 4B 11 90 C1 4D ....R<.+...K...M
...
}'}
Consuming NewSessionTicket message
"NewSessionTicket": {
"ticket_lifetime" : "172,800",
"ticket_age_add" : "<omitted>",
"ticket_nonce" : "",
"ticket" : {
0000: 6E 93 6F BF 75 B2 6B EE 99 2C C6 F0 7B 13 EE 10 n.o.u.k..,......
...
0080: D4 13 1C BB
} "extensions" : [
<no extension>
]
}
Session resumed via session tickets
Found resumable session. Preparing PSK message.
Produced ClientHello handshake message
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "DD 34 BC EB 28 54 19 09 5F C5 CA F1 83 7E 67 7D FE 3D BB 76 CE 53 59 AB 80 F7 C3 E5 4F 40 4A 53",
"session id" : "",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=www.facebook.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"application_layer_protocol_negotiation (16)": {
[h2, http/1.1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
"ticket" : {
0000: 6E 93 6F BF 75 B2 6B EE 99 2C C6 F0 7B 13 EE 10 n.o.u.k..,......
...
0080: D4 13 1C BB
}
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: DB 61 AF 14 CF BB 63 42 C4 70 2A 71 4C A3 EB 79 .a....cB.p*qL..y
...
}
},
]
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"pre_shared_key (41)": {
"PreSharedKey": {
"identities": {
{
0000: 6E 93 6F BF 75 B2 6B EE 99 2C C6 F0 7B 13 EE 10 n.o.u.k..,......
...
0080: D4 13 1C BB
}
} "binders": " {B2 2A 3E 8C 5B 81 22 F2 E7 A4 2A BA F8 41 E9 63 A3 AF 43 84 C7 A0 B9 4C E3 24 BE 76 6D E3 3F 80}",
}
}
]
}
Consuming ServerHello handshake message
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "8E 9D 63 CE 52 76 5C 6F 36 42 64 BF 6E 4E 7A C6 E5 EA E7 FC 1A 4B 38 7E 6D 3F 42 32 0C 1B 73 8E",
"session id" : "",
"cipher suite" : "TLS_AES_128_GCM_SHA256(0x1301)",
"compression methods" : "00",
"extensions" : [
"supported_versions (43)": {
"selected version": [TLSv1.3]
},
"key_share (51)": {
"server_share": {
"named group": x25519
"key_exchange": {
0000: C8 11 0B E3 07 D8 63 DB 1A FF 27 01 8C 9F 72 3F ......c...'...r?
...
}
},
},
"pre_shared_key (41)": {
"PreSharedKey": {
"selected_identity" : "0x0000",
}
}
]
}
Negotiated protocol version: TLSv1.3
Resuming session:
Session(1615365905292|TLS_AES_128_GCM_SHA256)
Using PSK to derive early secret
Consuming EncryptedExtensions handshake message
"EncryptedExtensions": [
"application_layer_protocol_negotiation (16)": {
[h2]
}
]
Consuming server Finished handshake message
"Finished": {
"verify data": {
0000: A4 FE 97 15 DA 48 EE 7D 7A CC D8 B3 82 98 53 89 .....H..z.....S.
...
}'}
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: supported_versions
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: key_share
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: pre_shared_key
Mar 10, 2021 8:45:05 AM sun.security.ssl.SSLLogger log
WARNING: Ignore impact of unsupported extension: application_layer_protocol_negotiation
Produced client Finished handshake message
"Finished": {
"verify data": {
0000: 4D 4C 7E 7E 1A 85 BB 84 8C 34 B6 8A DC EC 72 03 ML.......4....r.
0010: 1D 7C C9 61 7E F8 D3 BA 60 72 CB BD 24 30 2B EF ...a....`r..$0+.
}'}
Consuming NewSessionTicket message
"NewSessionTicket": {
"ticket_lifetime" : "172,800",
"ticket_age_add" : "<omitted>",
"ticket_nonce" : "",
"ticket" : {
0000: 19 65 E4 36 08 5B 93 1F BA 42 86 2B 75 5A 6A 0B .e.6.[...B.+uZj.
...
0070: BD 46 CC A0 6E A9 45 61 03 39 9A 2E 0C 5D CA 3B .F..n.Ea.9...].;
0080: 1A 30 20 AE
} "extensions" : [
<no extension>
]
}
To enable wireshark traffic sniffing
Also https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites https://ask.wireshark.org/question/2691/decrypting-tls-traffic-using-rsa-pre-master-secret/
– Yuri Schimke Mar 11 '21 at 11:38