diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2019-10-21 20:44:20 -0700 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-11-20 08:00:02 -0800 |
commit | 80efb80f3f9dffb412aa1a41ab36c843c90c60e5 (patch) | |
tree | 79e7db50520582e1c5c9a33b49265333b4a10287 /doc/api | |
parent | f4ea9189501743797d1ab8f5ed07027dd71f59bd (diff) | |
download | android-node-v8-80efb80f3f9dffb412aa1a41ab36c843c90c60e5.tar.gz android-node-v8-80efb80f3f9dffb412aa1a41ab36c843c90c60e5.tar.bz2 android-node-v8-80efb80f3f9dffb412aa1a41ab36c843c90c60e5.zip |
tls: cli option to enable TLS key logging to file
Debugging HTTPS or TLS connections from a Node.js app with (for example)
Wireshark is unreasonably difficult without the ability to get the TLS
key log. In theory, the application can be modified to use the
`'keylog'` event directly, but for complex apps, or apps that define
there own HTTPS Agent (like npm), this is unreasonably difficult.
Use of the option triggers a warning to be emitted so the user is
clearly notified of what is happening and its effect.
PR-URL: https://github.com/nodejs/node/pull/30055
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc/api')
-rw-r--r-- | doc/api/cli.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/api/cli.md b/doc/api/cli.md index e88b16b1ea..2651394653 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -679,6 +679,15 @@ added: v4.0.0 Specify an alternative default TLS cipher list. Requires Node.js to be built with crypto support (default). +### `--tls-keylog=file` +<!-- YAML +added: REPLACEME +--> + +Log TLS key material to a file. The key material is in NSS `SSLKEYLOGFILE` +format and can be used by software (such as Wireshark) to decrypt the TLS +traffic. + ### `--tls-max-v1.2` <!-- YAML added: v12.0.0 @@ -1073,6 +1082,7 @@ Node.js options that are allowed are: * `--throw-deprecation` * `--title` * `--tls-cipher-list` +* `--tls-keylog` * `--tls-max-v1.2` * `--tls-max-v1.3` * `--tls-min-v1.0` |