From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Максим Чистяков <gods(dot)like(dot)you(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Log pre-master keys during TLS v1.3 handshake |
Date: | 2024-02-06 09:43:00 |
Message-ID: | B252E8F6-530D-4310-8320-4C9EE63D242E@yesql.se |
Lists: | pgsql-general |
> On 5 Feb 2024, at 22:38, Максим Чистяков <gods(dot)like(dot)you(at)gmail(dot)com> wrote:
>
> Is there a way to save the pre-master keys of the encrypted TLS handshake between the PostgreSQL server and the psql client during a TLS handshake?
> For example, in Chrome you can save those keys while connecting through HTTPS with the option --ssl-key-log-file or the environment variable SSLKEYLOGFILE (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkvECAQ&lang=en_US%E2%80%A9)
> I need a similar feature, at least in the psql client (ideally, on the PostgreSQL server side too).
>
> Why I need this:
> I'm debugging a TLS connection to postgres from a Rust application that uses the postgres-native-tls library. A psql client makes a successful TLS v1.3 connection, but my client based on postgres-native-tls fails with an "error performing TLS handshake" message. I want to dump the TCP traffic and analyze in Wireshark exactly what certificates are exchanged between psql and PostgreSQL (the successful TLS session), then between postgres-native-tls and postgres, and then compare them. Buuut... to view the certificates in Wireshark, you need the TLS pre-master keys to decrypt the Encrypted Extensions packets.

There is no such thing; adding it yourself and debugging your application using a
custom build is probably your best option.
--
Daniel Gustafsson
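
As an added example (not code from this thread or from PostgreSQL), this is one shape "adding it yourself" can take in an OpenSSL-based client build: a key log callback registered with OpenSSL's `SSL_CTX_set_keylog_callback` (OpenSSL 1.1.1 and later) that appends each line to the file named by `SSLKEYLOGFILE`. The names `keylog_append`, `keylog_cb` and `enable_keylog` are hypothetical, and honouring the `SSLKEYLOGFILE` variable is an assumption borrowed from the browser convention mentioned in the question.

```c
/* Added example, not PostgreSQL or libpq source. Compile with
 * -DUSE_OPENSSL -lssl -lcrypto to include the registration helper. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifdef USE_OPENSSL
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;  /* opaque stand-in so this compiles without OpenSSL */
#endif

/* Append one NSS key log line to path; returns 0 on success, -1 on error. */
int keylog_append(const char *path, const char *line)
{
    size_t len = strlen(line);
    char *buf;
    int fd, rc = -1;

    /* The file holds session secrets: create it owner-only, append-only. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    buf = malloc(len + 1);
    if (buf != NULL) {
        memcpy(buf, line, len);
        buf[len] = '\n';
        /* One write() per line keeps concurrent connections from interleaving. */
        if (write(fd, buf, len + 1) == (ssize_t) (len + 1))
            rc = 0;
        free(buf);
    }
    close(fd);
    return rc;
}

/* Matches OpenSSL's SSL_CTX_keylog_cb_func; line has no trailing newline. */
void keylog_cb(const SSL *ssl, const char *line)
{
    const char *path = getenv("SSLKEYLOGFILE");

    (void) ssl;
    if (path != NULL && *path != '\0' && line != NULL)  /* off unless requested */
        (void) keylog_append(path, line);
}

#ifdef USE_OPENSSL
/* Hypothetical helper: call it where the custom build creates its SSL_CTX. */
void enable_keylog(SSL_CTX *ctx) { SSL_CTX_set_keylog_callback(ctx, keylog_cb); }
#endif
```

Wireshark reads the resulting file through its TLS "(Pre)-Master-Secret log filename" preference. Anyone holding both the key log and the capture can decrypt those sessions, so the file is created with mode 0600 and logging stays off unless the variable is set.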