From 80efb80f3f9dffb412aa1a41ab36c843c90c60e5 Mon Sep 17 00:00:00 2001
From: Sam Roberts
Date: Mon, 21 Oct 2019 20:44:20 -0700
Subject: tls: cli option to enable TLS key logging to file
Debugging HTTPS or TLS connections from a Node.js app with (for example) Wireshark is unreasonably difficult without the ability to get the TLS key log. In theory, the application can be modified to use the `'keylog'` event directly, but for complex apps, or apps that define there own HTTPS Agent (like npm), this is unreasonably difficult. Use of the option triggers a warning to be emitted so the user is clearly notified of what is happening and its effect.
PR-URL: https://github.com/nodejs/node/pull/30055
Reviewed-By: Anna Henningsen
Reviewed-By: Colin Ihrig
Reviewed-By: Daniel Bevenius
Reviewed-By: Ben Noordhuis
Reviewed-By: James M Snell
---
src/node_options.cc | 4 ++++
src/node_options.h | 1 +
2 files changed, 5 insertions(+)
(limited to 'src')
diff --git a/src/node_options.cc b/src/node_options.cc
index 85256a7e0a..0bc6730156 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
@@ -506,6 +506,10 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
 AddOption("--napi-modules", "", NoOp{}, kAllowedInEnvironment);
+ AddOption("--tls-keylog",
+ "log TLS decryption keys to named file for traffic analysis",
+ &EnvironmentOptions::tls_keylog, kAllowedInEnvironment);
+
 AddOption("--tls-min-v1.0",
 "set default TLS minimum to TLSv1.0 (default: TLSv1.2)",
 &EnvironmentOptions::tls_min_v1_0,
diff --git a/src/node_options.h b/src/node_options.h
index 30a976f48d..ce0cee5fe5 100644
--- a/src/node_options.h
+++ b/src/node_options.h
@@ -161,6 +161,7 @@ class EnvironmentOptions : public Options {
 bool tls_min_v1_3 = false;
 bool tls_max_v1_2 = false;
 bool tls_max_v1_3 = false;
+ std::string tls_keylog;
 std::vector preload_modules;
-- cgit v1.2.3
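Review bot: The new `--tls-keylog` registration in src/node_options.cc is flagged `kAllowedInEnvironment`, so the option can be turned on through `NODE_OPTIONS` as well as the command line, and the file it names will hold the session secrets needed to decrypt any captured traffic of that process. That looks deliberate given the npm use case in the description, but it means whoever controls the process environment chooses where key material is written. The warning mentioned in the description is the only safeguard visible here, and the code that opens the file is outside this view (limited to 'src'), so it is worth confirming that it creates the file with owner-only permissions. I would record the intent above the call with `// Writes TLS session secrets to the named file; env-enabled on purpose for debugging.` and document the new field in src/node_options.h with `// Key log path; presumably empty means disabled (confirm in the consumer).` Both the constructor and the class body continue outside their hunks.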