haproxy log SSL master key
# Security note: the "ssl-log-key" action enabled below writes TLS session
# master keys to the HAProxy log. Anyone who can read that log can decrypt
# captured traffic for the logged sessions, so enable this only while
# debugging and send the log to a destination with restricted access.
global | |
# Load the Lua file that registers the "ssl-log-key" action.
lua-load haproxy.lua | |
frontend X | |
# On TLS connections, store the hex-encoded TLS session ID in a
# session-scoped variable so the Lua action can detect changes.
tcp-request session set-var(sess.ssl_session_id) ssl_fc_session_id,hex if { ssl_fc } | |
# On TLS connections, run the Lua action that logs the session ID and
# master key at debug level.
tcp-request content lua.ssl-log-key if { ssl_fc } |
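--- Return `value` unless it is nil or the empty string, in which case
-- return nil. HAProxy's `txn.sf` / `txn.sc` accessors are documented to
-- return strings, so a missing sample may arrive as "" rather than nil
-- (TODO confirm for the HAProxy version in use); both are treated as absent.
local function non_empty(value)
  if value == nil or value == "" then
    return nil
  end
  return value
end

--- HAProxy action "ssl-log-key".
-- Logs the front-connection TLS session ID and master key, hex encoded, in
-- the "RSA Session-ID:... Master-Key:..." key-log line format, whenever
-- either value differs from the copy cached in the session variables
-- `sess.ssl_session_id` / `sess.ssl_session_key`.
--
-- SECURITY: the master key is enough to decrypt a capture of the session.
-- The line is emitted at debug level; keep the log destination access
-- restricted and do not leave this action enabled outside a debugging
-- window.
--
-- NOTE(review): this line format identifies a session by its session ID;
-- confirm it covers the TLS versions in use (TLS 1.3 key logs use labelled
-- per-secret lines instead).
--
-- @param txn HAProxy TXN object for the current session/request.
core.register_action("ssl-log-key", { "tcp-req", "http-req" }, function(txn)
  local dolog = false

  -- Session ID: prefer the live value, fall back to the cached variable.
  local ssl_session_id = non_empty(txn.sc:hex(txn.sf:ssl_fc_session_id()))
  local ssl_session_id_var = non_empty(txn:get_var("sess.ssl_session_id"))
  if ssl_session_id then
    if ssl_session_id ~= ssl_session_id_var then
      dolog = true
      txn:set_var("sess.ssl_session_id", ssl_session_id)
    end
  else
    ssl_session_id = ssl_session_id_var
  end

  -- Master key: same scheme as the session ID.
  local ssl_session_key = non_empty(txn.sc:hex(txn.sf:ssl_fc_session_key()))
  local ssl_session_key_var = non_empty(txn:get_var("sess.ssl_session_key"))
  if ssl_session_key then
    if ssl_session_key ~= ssl_session_key_var then
      dolog = true
      txn:set_var("sess.ssl_session_key", ssl_session_key)
    end
  else
    -- Fix: the original assigned the cached key to ssl_session_id here,
    -- which overwrote the session ID with key material and left
    -- ssl_session_key unset for the log line below.
    ssl_session_key = ssl_session_key_var
  end

  -- Only log when both fields are available: concatenating nil would raise
  -- a Lua error, and a line with an empty field cannot be matched to a
  -- session by a key-log consumer.
  if dolog and ssl_session_id and ssl_session_key then
    local src = txn.sf:src() .. ":" .. txn.sf:src_port()
    local dst = txn.sf:dst() .. ":" .. txn.sf:dst_port()
    -- The formats supported by wireshark can be found here:
    -- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209
    txn:log(core.debug, "SSL " .. src .. "/" .. dst .. " RSA Session-ID:" .. ssl_session_id .. " Master-Key:" .. ssl_session_key)
  end
end)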