Welcome to sslkeylog’s documentation!

This is an implementation of the SSLKEYLOGFILE facility, available in Firefox and Chromium/Google Chrome, which Wireshark supports for decrypting SSL/TLS connections even when you don’t have the private key, or when the key exchange method prevents decryption even if you do (such as Diffie-Hellman).

This works with the standard library ssl module only; it won’t work with other SSL modules.

sslkeylog

This module provides a facility for logging SSL/TLS keys that can be used for decrypting SSL/TLS connections.

Quickstart:

import os
import sslkeylog

sslkeylog.set_keylog(os.environ.get('SSLKEYLOGFILE'))  # Or directly specify a path

# Do anything involving SSL (Using the built-in ssl module)

Set the SSLKEYLOGFILE environment variable if you use it, and set “(Pre)-Master-Secret log filename” in Wireshark’s SSL protocol preferences to the resulting file.

sslkeylog.get_client_random(sock)

Get the client random from an ssl.SSLSocket or ssl.SSLObject.

sslkeylog.get_master_key(sock)

Get the master key from an ssl.SSLSocket or ssl.SSLObject.

sslkeylog.get_keylog_line(sock)

Generate a key log line from an ssl.SSLSocket or ssl.SSLObject.

sslkeylog.set_keylog(dest)

Set the key log to dest, which can be a path, a file-like object or a callback.

The key log is process-wide and will log keys for all SSL/TLS connections in the process.

A callback is called with the socket and a key log line, which should be written to the key log.

This will apply the monkey patch needed to implement the key log if it’s not already applied; see patch().
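
An added example (not part of the sslkeylog project's code) of a callback for set_keylog(): since the process-wide key log is enough to decrypt captured traffic, it appends only well-formed key log lines to a file kept readable by its owner alone. The class name RestrictedKeyLog, its counters and return values, and the stripping of a trailing newline are assumptions of this example; the sample line is constructed.

```python
import os
import re
import tempfile
import threading

# NSS key log line: "<LABEL> <client random, 32 bytes hex> <secret hex>"
_LINE_RE = re.compile(r"^[A-Z0-9_]+ [0-9a-fA-F]{64} [0-9a-fA-F]+$")


class RestrictedKeyLog:
    """Callback for sslkeylog.set_keylog() that appends to an owner-only file."""

    def __init__(self, path):
        self.path = path
        self.written = 0
        self.rejected = 0
        self._lock = threading.Lock()  # the key log is process-wide

    def __call__(self, sock, line):
        line = line.strip()  # assumption: tolerate a trailing newline
        if not _LINE_RE.match(line):
            self.rejected += 1
            return False
        # O_NOFOLLOW (where available) refuses a symlink planted at the path.
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
        with self._lock:
            fd = os.open(self.path, flags, 0o600)
            try:
                if hasattr(os, "fchmod"):
                    os.fchmod(fd, 0o600)  # also tighten a file that already existed
                os.write(fd, (line + "\n").encode("ascii"))
            finally:
                os.close(fd)
            self.written += 1
        return True


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "keys.log")
    keylog = RestrictedKeyLog(path)
    # In an application: sslkeylog.set_keylog(keylog)
    # Constructed sample values, not real key material; sock is unused here.
    keylog(None, "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48)
    keylog(None, "not a key log line")
    print(path, "written:", keylog.written, "rejected:", keylog.rejected)
```
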

sslkeylog.patch()

Apply the monkey patch used to implement the key log, if not already patched.

sslkeylog.unpatch()

Unapply the monkey patch used to implement the key log, if it was applied.
