
@benmmurphy
Created February 6, 2017 12:19
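Dump TLS master secrets in Wireshark key-log format so that captured TLS connections can be decrypted. This uses erlang:trace, which can severely degrade the performance of your node. The log file holds live session secrets, so keep it readable only by its owner and delete it once the capture has been analysed.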
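%% DumpMS() -> pid()
%%
%% Shell helper. Starts a tracer process, registered as ms_tracer, that
%% receives return_trace messages for ssl:connect/2,3,4 and, for every
%% {ok, Socket} result, appends one
%%   "RSA Session-ID:<hex> Master-Key:<hex>"
%% line to /tmp/tls.log. Returns the tracer pid; stop it with QuitMS().
%%
%% Operational notes:
%%   * Call tracing is switched on for every process on the node, so expect
%%     a performance cost while the tracer runs.
%%   * Every line written is enough to decrypt the matching session from a
%%     packet capture. The log is forced to mode 0600 below; /tmp is still a
%%     shared directory with a predictable file name, so prefer running this
%%     on a host where no other user can pre-create that path, and remove
%%     the file when finished.
DumpMS = fun() ->
    LogPath = "/tmp/tls.log",

    %% Fail before allocating anything if a tracer is already registered;
    %% otherwise register/2 would fail after the file was opened and the
    %% process spawned, leaving both behind.
    case whereis(ms_tracer) of
        undefined -> ok;
        Running -> erlang:error({ms_tracer_already_running, Running})
    end,

    %% Pull the session id and master secret out of the connection process.
    %% NOTE(review): the element/2 positions are the author's offsets into
    %% the ssl application's internal tuples; they are version specific and
    %% must be re-checked against the ssl release actually running.
    FindMs = fun(Socket) ->
        ConnPid = element(3, Socket),
        Connection = sys:get_state(ConnPid),
        State = element(2, Connection),
        Session = element(18, State),
        SessionId = element(2, Session),
        MasterSecret = element(7, Session),
        {SessionId, MasterSecret}
    end,

    %% Upper-case hex encoding, one character per 4-bit nibble.
    Hex = fun(Id) ->
        << <<Y>> || <<X:4>> <= Id, Y <- integer_to_list(X, 16) >>
    end,

    {ok, File} = file:open(LogPath, [write, append]),
    %% The file is created with the node's umask, which commonly leaves it
    %% readable by other local users. Tighten it before any secret is
    %% written, and refuse to continue if that is not possible (for example
    %% because the path already exists and belongs to someone else).
    case file:change_mode(LogPath, 8#600) of
        ok ->
            ok;
        {error, ModeReason} ->
            file:close(File),
            erlang:error({insecure_key_log, LogPath, ModeReason})
    end,

    DebugHandler = fun DebugHandler() ->
        %% Each recursive call is the last expression of its clause, so the
        %% loop does not grow the stack over the tracer's lifetime.
        receive
            {trace, _Pid, return_from, _MFA, {ok, Socket}} ->
                try
                    {SessionId, MasterSecret} = FindMs(Socket),
                    Bytes = io_lib:format(
                        "RSA Session-ID:~s Master-Key:~s~n",
                        [Hex(SessionId), Hex(MasterSecret)]
                    ),
                    _ = file:write(File, Bytes),
                    ok
                catch
                    Class:_Reason ->
                        %% Best effort: the tracer has to survive a lookup
                        %% failure (state layout mismatch, sys:get_state
                        %% timeout). Leave a '#' comment line, which key-log
                        %% readers skip, so the failure is visible instead
                        %% of silently producing an empty log. Only the
                        %% exception class is recorded.
                        _ = file:write(
                            File,
                            io_lib:format(
                                "# ms_tracer: failed to extract session keys (~p)~n",
                                [Class]
                            )
                        ),
                        ok
                end,
                DebugHandler();
            quit ->
                file:close(File),
                ok;
            _ ->
                %% Drain everything else (call messages, failed connects)
                %% so the mailbox does not fill up.
                DebugHandler()
        end
    end,

    Pid = spawn(DebugHandler),
    register(ms_tracer, Pid),
    %% Call tracing on all processes, narrowed by the patterns below to
    %% ssl:connect/2,3,4 with return values.
    erlang:trace(processes, true, [{tracer, Pid}, call]),
    erlang:trace_pattern({ssl, connect, 2}, [{['_', '_'], [], [{return_trace}]}]),
    erlang:trace_pattern({ssl, connect, 3}, [{['_', '_', '_'], [], [{return_trace}]}]),
    erlang:trace_pattern({ssl, connect, 4}, [{['_', '_', '_', '_'], [], [{return_trace}]}]),
    Pid
end.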
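%% QuitMS() -> quit | ok
%%
%% Shell helper. Undoes DumpMS(): removes the ssl:connect trace patterns,
%% switches call tracing off and tells the ms_tracer process to close its
%% log file and exit. Returns quit when a tracer was running, ok when none
%% was registered.
QuitMS = fun() ->
    %% Clear the return_trace patterns for every arity of ssl:connect so no
    %% tracing configuration is left behind on the node.
    erlang:trace_pattern({ssl, connect, '_'}, false, []),
    case whereis(ms_tracer) of
        undefined ->
            %% Nothing registered (never started, or already stopped):
            %% there is no pid to detach and no process to signal.
            ok;
        Tracer ->
            erlang:trace(all, false, [{tracer, Tracer}, call]),
            Tracer ! quit
    end
end.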
@benmmurphy
Author

Tested on R19. It won't work on other versions of Erlang because the record format has changed.

@Ryanauger95

@BenMurphy, Where does this code go? I am currently using TLS-PSK and trying to pull out the psk-identity for authentication purposes. Where is this code that the Socket is a very large tuple?
