This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

FYI: There's now a simpler way to get the keylog #12

Closed
cookiengineer opened this issue May 29, 2021 · 4 comments

Comments

@cookiengineer

I've seen this repository and I was actually close to forking it and trying to integrate it with the TLSSocket API as I'm trying to debug the network traffic of a TLS client in my case.

But I coincidentally found the keylog event that's being fired by the TLSSocket. The original issue in the nodejs repository didn't mention this, so I thought I'd let you know, as it would ease up everything much much more.

(taken from the official nodejs API docs, added in v12.3.0 and v10.20.0 respectively)

const fs = require('fs');
const logFile = fs.createWriteStream('/tmp/ssl-keys.log', { flags: 'a' });
// ...
// tlsSocket is a tls.TLSSocket; each 'keylog' line is a Buffer in NSS key log format
tlsSocket.on('keylog', (line) => logFile.write(line));
@kolontsov
Owner

Hi, thanks for the comment! Yes, the keylog API is even mentioned in the node-sslkeylog README :)

'keylog' event support was contributed to nodejs by one of node-sslkeylog developers (@mildsunrise), so yes, nowadays this node-sslkeylog is almost useless (especially after keylog was backported to node v10.20.0).

I guess I need to add a LARGE deprecation warning, because I'm not going to develop node-sslkeylog anymore for obvious reasons.

@mildsunrise
Contributor

mildsunrise commented May 30, 2021

yes, you can even archive the repo I think. node-sslkeylog was previously useful because it worked as a polyfill for older versions of node, but there's no need for that by now

@cookiengineer We even added a CLI option! --tls-keylog=file will automatically log all connections there without you having to touch the code at all. Keep in mind it was buggy until some versions later though.

@cookiengineer
Author

cookiengineer commented May 31, 2021

In my case I was implementing a recording debugger mode for a networked test suite I'm building for my own DNS over HTTPS implementation (due to some base64url quirks that are hard to debug)... and I was stumbling through the issues in nodejs and the referenced projects before I read the README of this repo and the mention of it 🤦‍♂️

In my case I also had tcpdump running in the background only on the specified network ports (of said tests), so I kinda went with the "monkey patch" approach for tls.connect and tls.createServer, which returns an instance that is being listened on, as it allows me to flexibly unpatch it at a later point in time. So with that approach I'm able to listen on a per-test basis, which reduces the UDP multicast noise of the network a lot 🤣

@kolontsov
Owner

I've marked the npm package as deprecated, added a deprecation notice to the README and will archive the repo now. Thanks for the reminder and good luck!
