Hello,
on the Centos 8 in the mod_ssl is function that stores pre-master secret keys in a file, and i load this file to wireshark and decrypt stored traffic over TLS 1.3.. It's simple, I set an environment variable called "SSLKEYLOGFILE" on systemd of apache, so it works on the Centos 8. But its does not work on the FreeBSD. I trying put SSLKEYLOGFILE variable to rc script for apache (/usr/local/etc/rc.d/apache24), and when i restart the apache and load web page, so SSLKEYLOG file is created but file is empty. I did try compare the mod_ssl on the FreeBSD and on the Centos 8:
Centos 8:
#strings mod_ssl.so | grep -i "mod_ssl\/"
mod_ssl/2.4.37
#strings mod_ssl.so | grep -i "sslkeylogfile"
SSLKEYLOGFILE
AH10226: Could not open log file '%s' configured via SSLKEYLOGFILE
FreeBSD 12.2:
#strings mod_ssl.so | grep -i "mod_ssl\/"
Amod_ssl/2.4.48
#strings mod_ssl.so | grep -i "sslkeylogfile"
NOTHING
It's posible, that mod_ssl on FreeBSD 12.2 do not have function for logging pre-master secret keys? Have you got any idea how can i decrypt TLS1.3 on FreeBSD with apache24?
Thanks.
on the Centos 8 in the mod_ssl is function that stores pre-master secret keys in a file, and i load this file to wireshark and decrypt stored traffic over TLS 1.3.. It's simple, I set an environment variable called "SSLKEYLOGFILE" on systemd of apache, so it works on the Centos 8. But its does not work on the FreeBSD. I trying put SSLKEYLOGFILE variable to rc script for apache (/usr/local/etc/rc.d/apache24), and when i restart the apache and load web page, so SSLKEYLOG file is created but file is empty. I did try compare the mod_ssl on the FreeBSD and on the Centos 8:
Centos 8:
#strings mod_ssl.so | grep -i "mod_ssl\/"
mod_ssl/2.4.37
#strings mod_ssl.so | grep -i "sslkeylogfile"
SSLKEYLOGFILE
AH10226: Could not open log file '%s' configured via SSLKEYLOGFILE
FreeBSD 12.2:
#strings mod_ssl.so | grep -i "mod_ssl\/"
Amod_ssl/2.4.48
#strings mod_ssl.so | grep -i "sslkeylogfile"
NOTHING
It's posible, that mod_ssl on FreeBSD 12.2 do not have function for logging pre-master secret keys? Have you got any idea how can i decrypt TLS1.3 on FreeBSD with apache24?
Thanks.