mirror of
https://github.com/wader/fq.git
synced 2024-12-22 21:01:37 +03:00
0b6ef2a9d8
unused-parameter disabled as i prefer to see the names new default revive config seems to not warn about capital names |
||
---|---|---|
.. | ||
ciphersuites | ||
keylog | ||
rezlib | ||
testdata | ||
tlsdecrypt | ||
alerts.go | ||
extensions.go | ||
README.md | ||
tls.go | ||
tls.md |
Dev notes
TLS deflate compression seems to actually be zlib, so zlib header + deflate. Also each record is compressed with a flush (trailing 0x00 0x00 0xff 0xff) so that they can be uncompressed individually.
https://lekensteyn.nl/files/wireshark-ssl-tls-decryption-secrets-sharkfest18eu.pdf
tshark -x -V -o tls.keylog_file:file.keylog -r file.pcap
Wireshark gui has TLS debug option to write key/iv etc
tcpdump -i en0 -w file.pcap
SSLKEYLOGFILE=file.keylog /path/to/sslkey-able/curl --http1.1 -tlsv1.2 --tls-max 1.2 -v https://host/path
TLS 1.3 dumps https://gitlab.com/wireshark/wireshark/-/issues/12779