| From: | Максим Чистяков <gods(dot)like(dot)you(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Log pre-master keys during TLS v1.3 handshake |
| Date: | 2024-02-05 21:38:57 |
| Message-ID: | CACRpyT8JsEjZUSRebjO+Z3XCfoP0VxBuhxZ+BNJQDXHTwTWZ4Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Is there a way to save the pre-master keys which are encrypted TLS
handshake between PostgreSQL server and psql client due to a TLS handshake?
For example, in a Chrome you can save those keys due to connecting through
HTTPS with option --ssl-key-log-file or an environment variable
SSLKEYLOGFILE (
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkvECAQ&lang=en_US%E2%80%A9
).
I need the similar feature, at least in psql client (ideally, on the
postgresql server side too).
Why I need this:
I'm debugging TLS connection to postgres from a rust application, used
postgres-native-tls
library. A psql client makes a successful TLS v1.3 connection, but my based
on postgres-native-tls client fails with an "error performing TLS
handshake" message. I want to dump tcp trafic, and analyze it in the
Wireshark, what exactly certificates exchanged between the psql and
Postgresql (succeeded TLS session), then between postgres-native-tls and
postgres, and then to compare them. Buuut... to view the certificates in
Wireshark, you need the TLS pre-master keys to decrypt the Encrypted
Extensions packets.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Gauthier | 2024-02-05 23:08:46 | Deleting duplicate rows using ctid ? |
| Previous Message | Adrian Klaver | 2024-02-05 20:52:16 | Re: Improving pg_dump performance when handling large numbers of LOBs |