
Add SSL key logging.

Open Manouchehri opened this issue 3 years ago • 2 comments

Solves #4668.

Manouchehri avatar May 23 '22 16:05 Manouchehri

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar May 23 '22 16:05 CLAassistant

@francislavoie Would you mind helping me with adding how to properly parse the config?

Manouchehri avatar May 23 '22 16:05 Manouchehri

@Manouchehri I've pushed my version of this patch, based on your initial PR. After thinking about it some more I decided to leave things pretty simple: you specify a file name in the config and it writes it to a file. We can't control the format of the writing and other tools like Wireshark expect to read from a file, so we'll just do that. I also added a loud warning to the logs to indicate that TLS security is compromised when this feature is used.

Also rebased with master and marked this as experimental so we can change it later, after some field use. (Hopefully not in production.)

Caddyfile usage:

example.com

tls {
    insecure_secrets_log keys.log
}

That will log the TLS secrets for connections to example.com.

Does this change work for you? (Please try it out!)

mholt avatar Sep 15 '22 05:09 mholt
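As an added example (not code from this PR or from Caddy itself): a small Go audit that scans a Caddyfile for the insecure_secrets_log subdirective shown above and reports which site block would write its TLS secrets to which file, so a deployment check can fail before a key log is enabled somewhere it should not be. The two Caddyfile samples are constructed; the scanner handles both the braceless single-site form used in the comment above and the braced multi-site form, and it is deliberately a brace-depth line scan rather than a full Caddyfile parser.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding records one active insecure_secrets_log subdirective found in a Caddyfile.
type Finding struct {
	Line    int    // 1-based line number in the Caddyfile text
	Site    string // address(es) of the enclosing site block, "" if none could be attributed
	LogPath string // file the TLS secrets would be written to
}

// BracelessCaddyfile is a constructed sample in the single-site form that omits
// the braces around the site block (the form used in the PR comment).
const BracelessCaddyfile = `example.com

tls {
    insecure_secrets_log keys.log
}`

// MultiSiteCaddyfile is a constructed sample with a global options block, a
// commented-out directive (must be ignored) and one active directive.
const MultiSiteCaddyfile = `{
	email admin@example.com
}

example.com {
	tls {
		# insecure_secrets_log keys.log
	}
}

internal.example.com {
	tls {
		insecure_secrets_log /tmp/keys.log
	}
}`

// FindSecretsLogs scans Caddyfile text and returns every insecure_secrets_log
// directive that is not commented out, together with the site block it sits in.
// It is a line-oriented scan that tracks brace depth, not a full Caddyfile
// parser: a '#' inside a quoted token would be taken as a comment start.
func FindSecretsLogs(caddyfile string) []Finding {
	type line struct {
		no   int
		text string
	}
	var lines []line
	for i, raw := range strings.Split(caddyfile, "\n") {
		if j := strings.Index(raw, "#"); j >= 0 {
			raw = raw[:j] // drop comments
		}
		if t := strings.TrimSpace(raw); t != "" {
			lines = append(lines, line{no: i + 1, text: t})
		}
	}
	if len(lines) == 0 {
		return nil
	}

	// A Caddyfile with a single site may omit the braces around its block; in
	// that form the first line is the site address and everything after it
	// belongs to that site.
	braceless := !strings.HasSuffix(lines[0].text, "{") &&
		(len(lines) == 1 || lines[1].text != "{")

	var findings []Finding
	site, depth := "", 0
	for i, l := range lines {
		fields := strings.Fields(l.text)
		switch {
		case braceless && i == 0:
			site, depth = l.text, 1
			continue
		case depth == 0 && fields[0] != "{" && fields[0] != "}":
			// A top-level line that opens a block names the site(s) it serves.
			site = strings.TrimSpace(strings.TrimSuffix(l.text, "{"))
		}
		if fields[0] == "insecure_secrets_log" {
			f := Finding{Line: l.no, Site: site}
			if len(fields) > 1 {
				f.LogPath = fields[1]
			}
			findings = append(findings, f)
		}
		depth += strings.Count(l.text, "{") - strings.Count(l.text, "}")
		if depth < 0 {
			depth = 0 // tolerate unbalanced input instead of mis-attributing later blocks
		}
	}
	return findings
}

func main() {
	samples := map[string]string{"braceless": BracelessCaddyfile, "multi-site": MultiSiteCaddyfile}
	for name, cf := range samples {
		for _, f := range FindSecretsLogs(cf) {
			fmt.Printf("%s: line %d, site %q writes TLS secrets to %s\n", name, f.Line, f.Site, f.LogPath)
		}
	}
}
```

Run against a real Caddyfile, a non-empty result from FindSecretsLogs is the signal to block a production rollout; the Site field makes it easy to see whether the key log is scoped to a lab hostname or to something that serves real traffic.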

This looks good to me, thanks!

Manouchehri avatar Sep 16 '22 19:09 Manouchehri