SSLKEYLOGFILE environment variable doesn't populate any text file

My operating system is Windows 10 64 bits. I use the latest versions of Firefox and Chrome.

I want to save the pre-master keys in order to use them with Wireshark.

For this, I have found many tutorials that all recommend using the SSLKEYLOGFILE environment variable.

However, no matter the path I put in this variable, no file is being created by Firefox (normal and developer editions) or Chrome. This is true even when I restart those browsers or the operating system. This is also true when I clear the cache on the browsers.

I found an alternative way of setting the SSLKEYLOGFILE variable with Chrome by launching the browser with the following argument:

--ssl-key-log-file=PATH

And while this argument does create a log file, it is never populated. It remains completely empty.

What makes this problem even more annoying is that I don't know if there's any debug log that would at least let me know what's happening.

Anyone have ideas on how to solve this issue?



Solution 1:[1]

Verified in both Chrome and Firefox
Windows 10 64bit [Version 10.0.17763.379]

I would not use the --ssl-key-log-file flag with Chrome. In my testing, it does not have an effect.

Steps to get SSL keylog file

  1. Change your directory to one that you or your programs have access to. I am using the Desktop folder.

    C:\> cd $HOME\Desktop
    
  2. Set the SSLKEYLOGFILE variable. This sets it for the user (HKCU). To set it for the machine (HKLM), add the /m flag to the end of the command.

    PS C:\Users\rj\Desktop> SetX SSLKEYLOGFILE "$(get-location)\ssl.log"
    
  3. Verify that the variable has been set in a separate PowerShell window (SetX does not apply to the current window).

    PS C:\Users\rj\Desktop> Get-ChildItem ENV: | findstr SSLKEYLOGFILE
    SSLKEYLOGFILE                  C:\Users\rj\Desktop\ssl.log
    

    You can also verify that SSLKEYLOGFILE is a user variable by going to Control Panel > System and Security > System > Advanced System Settings > Advanced tab > Environment Variables > User Variables. You should see a listing like the PowerShell example where the value is a directory.

  4. Open Chrome/Firefox and go to an https website like https://stackoverflow.com.

  5. You should see an ssl.log show up on your desktop.


Further Reading

You mentioned that you are using Wireshark. If you are using it to export a file from a TLS-encrypted stream in a capture, this article may help you.

Solution 2:[2]

One thing I ran into is: Chrome doesn't always fully close when you close the window. Sometimes it stays open in the background. Use the Windows Process Explorer to list all the processes and make sure Chrome is closed. Also, after restarting Chrome, you can double-click on it in Process Explorer and select the Environment tab to list all the variables set in its environment. Make sure SSLKEYLOGFILE is shown in that list. Then Chrome will be sending keys to the specified file.
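The two answers above boil down to one requirement: the variable has to be present in the environment of the browser process that actually performs the TLS handshakes, and the file it writes has to be in the NSS key log format Wireshark reads. The script below is an added example, not code from the original post or from any browser project. It starts the browser with SSLKEYLOGFILE set for that child process only (so no SetX, no new shell window and no reboot are needed), then inspects the resulting file and reports whether it is missing, created-but-empty (the symptom in the question), or populated with well-formed records. BROWSER_EXE, LOG_PATH and the sample key log lines are assumptions/constructed placeholders; the label table covers the TLS 1.2 and TLS 1.3 record types Wireshark documents for this format.

```python
# Added example (not from the original post): launch a browser with SSLKEYLOGFILE
# set directly in the child process's environment, then check that the file it
# writes is a well-formed NSS key log that Wireshark can consume.
import os
import re
import subprocess
import sys
from collections import Counter
from pathlib import Path

# Placeholders (assumptions): adjust to your own browser install and log location.
BROWSER_EXE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LOG_PATH = Path(os.path.expanduser("~")) / "Desktop" / "ssl.log"

# NSS key log format: one record per line, "<label> <client_random> <secret>", hex-encoded.
# Map label -> (bytes in the second field, allowed byte lengths of the secret).
# TLS 1.2 records carry the 48-byte master secret; TLS 1.3 records carry a secret whose
# length is the handshake hash length (32 for SHA-256, 48 for SHA-384). The legacy "RSA"
# record is keyed on the first 8 bytes of the encrypted pre-master secret instead.
LABELS = {
    "RSA": (8, {48}),
    "CLIENT_RANDOM": (32, {48}),
    "CLIENT_EARLY_TRAFFIC_SECRET": (32, {32, 48}),
    "EARLY_EXPORTER_SECRET": (32, {32, 48}),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (32, {32, 48}),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (32, {32, 48}),
    "CLIENT_TRAFFIC_SECRET_0": (32, {32, 48}),
    "SERVER_TRAFFIC_SECRET_0": (32, {32, 48}),
    "EXPORTER_SECRET": (32, {32, 48}),
}
HEX = re.compile(r"^[0-9a-fA-F]+$")


def _is_hex_of_len(field, nbytes_allowed):
    """True if field is hex and decodes to one of the allowed byte lengths."""
    return bool(HEX.match(field)) and len(field) % 2 == 0 and len(field) // 2 in nbytes_allowed


def parse_keylog(text):
    """Return (Counter of record labels, list of problem strings) for key log text."""
    counts = Counter()
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append(f"line {lineno}: expected 3 fields, got {len(parts)}")
            continue
        label, key_id, secret = parts
        if label not in LABELS:
            problems.append(f"line {lineno}: unknown label {label!r}")
            continue
        id_len, secret_lens = LABELS[label]
        if not _is_hex_of_len(key_id, {id_len}):
            problems.append(f"line {lineno}: bad client_random field for {label}")
            continue
        if not _is_hex_of_len(secret, secret_lens):
            problems.append(f"line {lineno}: bad secret length for {label}")
            continue
        counts[label] += 1
    return counts, problems


def diagnose(path):
    """Explain what the state of the key log file says about the setup."""
    path = Path(path)
    if not path.exists():
        return "missing: no browser process had SSLKEYLOGFILE set, or the path is not writable"
    counts, problems = parse_keylog(path.read_text(encoding="utf-8", errors="replace"))
    if not counts and not problems:
        return ("empty: the file was created but the process doing TLS is not writing to it "
                "(e.g. the launch handed off to an already running browser instance)")
    summary = ", ".join(f"{k}={v}" for k, v in sorted(counts.items()))
    return f"ok: {sum(counts.values())} records ({summary}); {len(problems)} malformed line(s)"


def launch_with_keylog(browser_exe, log_path, url="https://stackoverflow.com"):
    """Start the browser with SSLKEYLOGFILE set for that process only."""
    env = dict(os.environ)
    env["SSLKEYLOGFILE"] = str(log_path)
    # If an instance of the browser is already running, this new process usually hands
    # the URL to it and exits; the running instance never sees the variable. Close all
    # instances first (check Process Explorer as the answer above suggests).
    return subprocess.Popen([browser_exe, url], env=env)


# Constructed sample lines (fake hex, not real keys) showing what a populated file looks like.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real secrets",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,                   # TLS 1.2
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "33" * 32 + " " + "44" * 32,  # TLS 1.3, SHA-256
    "SERVER_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "55" * 48,          # TLS 1.3, SHA-384
    "CLIENT_RANDOM deadbeef tooshort",                                 # malformed
])

if __name__ == "__main__":
    if len(sys.argv) > 1:  # python keylog_check.py <path>: inspect a real key log file
        print(diagnose(sys.argv[1]))
    else:
        counts, problems = parse_keylog(SAMPLE_KEYLOG)
        print(dict(counts), problems)
```

Run it once with the path you gave the browser (e.g. `python keylog_check.py %USERPROFILE%\Desktop\ssl.log`) after visiting an HTTPS site. A "missing" result means the variable never reached a browser process; "empty" is the symptom from the question and almost always means the process you started handed off to an instance that was already running without the variable; "ok" with a non-zero record count is what Wireshark needs, and the same path then goes into Edit > Preferences > Protocols > TLS as the (Pre)-Master-Secret log filename.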

Solution 3:[3]

First of all, the problem is that the browsers are protected better and that flaw is patched; that's why you can't capture any SSL. I don't know the details. But Chrome with the --no-sandbox (Linux) option on, when running, will enable you to capture the SSL/TLS key without any issues from the first try, so you can play with decryption of packets. Never tried on Windows btw..

Solution 4:[4]

This worked for me...

Set the SSLKEYLOGFILE env variable as normal in Linux; just point it to your preferred save location for the sslkey.log.

Windows: System / Advanced / Env vars / User variables. Add SSLKEYLOGFILE with the path to your preferred save location, C:/user/sslkey.log. Close and you're done here.

NSS_ALLOW_SSLKEYLOG=1 is what's missing from the Booleans in Firefox's advanced options. It's also been removed from the general release but is still in the dev ops version, just not listed.

Download and install the dev ops version of Firefox. Open a terminal and start it from its exe if on Linux; on Windows just open it from the icon.

Go to about:config, create a new Boolean with NSS_ALLOW_SSLKEYLOG=1 and set it to true. Quit. Now create a new symbolic/icon link to the new dev version of Firefox.

When you run Firefox from the terminal in Linux the sslkeylog should be created and start populating.

Run it from the task bar icon in Linux and it doesn't make or update the keylog (just in case you don't want it populating every time you open the browser).

In Windows, you will have to disable the env var or it will keep populating every time you open any browser that supports SSL key logging.

On that note, Opera and Vivaldi should work with no changes to the advanced options.

Lastly, open Wireshark, go to Edit / Preferences / Protocols / TLS and put the path to the sslkey.log in the pre-master secret log box. Click OK.

Close everything. Start Wireshark, then start your browser (from a terminal in Linux). You should see the sslkeylog start populating and see extra options for decryption in the tabs of Wireshark.

Have fun :)

Solution 5:[5]

1st solution:
Restart Chrome

2nd solution:
Use Firefox

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 DrChandra
Solution 3 EpimKrit
Solution 4
Solution 5 Sahin