02-16-2019, 09:50 PM
In conjunction with this, I have a feature request: Since it is very hard to dive into the depths of TLS processing (for non-Remys ^^), it would be very nice to have an easy-to-use way to write standard NSS files. My TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx handler (linked in the first post in this thread) is working but a little bit freaky. OnStatusInfoEx isn't the right place to do this because it is fired too often (performance issues).
For example, a TIdSSLIOHandlerSocketOpenSSL.NSSFilePath string property and a TIdSSLIOHandlerSocketOpenSSL.NSSWriteEnabled boolean property.
See https://developer.mozilla.org/en-US/docs...Log_Format for details. Wireshark supports these files for TLS/SSL decryption. It is important to open this file (stream) for shared read-write, because Wireshark can't open it if another program has it open exclusively.
Alternatively, an event handler which is fired once after the TLS/SSL connection is finally established, with all necessary info (secrets...) to write an NSS file.
For clarification: I want this only for debugging purposes in the lab. Firefox and Chrome have such a thing, enabled via some developer options.
Thanks!
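An added example, not part of the original post and not Indy code: a sketch of writing one NSS key log line and appending it to a file opened without an exclusive lock, so Wireshark can read it while the program runs. The names `BytesToHex`, `FormatKeyLogLine`, `AppendKeyLogLine` and the file name are hypothetical, and obtaining the client random and master secret from OpenSSL is assumed to happen elsewhere.

```delphi
program KeyLogDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes;

// Hypothetical helpers; none of these names exist in Indy.

function BytesToHex(const B: TBytes): string;
var
  I: Integer;
begin
  Result := '';
  for I := 0 to High(B) do
    Result := Result + LowerCase(IntToHex(B[I], 2));
end;

// One NSS key log line for TLS 1.2 and earlier:
// CLIENT_RANDOM <32-byte client random, hex> <48-byte master secret, hex>
function FormatKeyLogLine(const ClientRandom, MasterSecret: TBytes): string;
begin
  if (Length(ClientRandom) <> 32) or (Length(MasterSecret) <> 48) then
    raise EArgumentException.Create('expected 32-byte random, 48-byte secret');
  Result := 'CLIENT_RANDOM ' + BytesToHex(ClientRandom) + ' ' +
    BytesToHex(MasterSecret);
end;

procedure AppendKeyLogLine(const Path, Line: string);
var
  FS: TFileStream;
  Data: TBytes;
begin
  // Create the file once, then reopen it without an exclusive lock.
  if not FileExists(Path) then
    TFileStream.Create(Path, fmCreate).Free;
  FS := TFileStream.Create(Path, fmOpenReadWrite or fmShareDenyNone);
  try
    FS.Position := FS.Size;                        // append at end of file
    Data := TEncoding.ASCII.GetBytes(Line + #10);  // one record per line
    FS.WriteBuffer(Data[0], Length(Data));
  finally
    FS.Free;
  end;
end;

var
  Rnd, Secret: TBytes;
begin
  // Constructed sample values, not real key material.
  SetLength(Rnd, 32);    FillChar(Rnd[0], 32, $11);
  SetLength(Secret, 48); FillChar(Secret[0], 48, $22);
  AppendKeyLogLine('keylog-sample.txt', FormatKeyLogLine(Rnd, Secret));
end.
```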

