SSLKEYLOGFILE

README.md

@@ -26,6 +26,10 @@ The record file is a list of records. Each record follows this format:
 * [8 bytes] data length, big endian
 * data
 
+## SSLKEYLOGFILE
+
+The `SSLKEYLOGFILE` environment variable can be set to a file path to which the connection secrets will be exported, enabling decrypting the traffic in Wireshark.
+
 ## License
 
 GNU AGPL v3, CopyLeft 2025 Pascal Engélibert [(why copyleft?)](https://txmn.tk/blog/why-copyleft/)

src/client.rs

@@ -122,6 +122,7 @@ pub async fn play(
 			} else {
 				config.resumption = Resumption::disabled();
 			}
+			config.key_log = Arc::new(tokio_rustls::rustls::KeyLogFile::new());
 			let config = Arc::new(config);
 			for (id, (server_name, records)) in records.iter() {
 				let connector = TlsConnector::from(config.clone());
@@ -322,7 +323,8 @@ pub async fn play(
 										)
 										.await
 										{
-											Ok(v) => v.unwrap().unwrap(),
+											Ok(None) => break,
+											Ok(Some(v)) => v.unwrap(),
 											Err(_e) => {
 												// TODO fix
 												println!(
@@ -350,6 +352,12 @@ pub async fn play(
 										//crate::http::decode_http(&mut buf, &mut stream).await;
 										//buf.clear();
 									}
+									if total_recv < reduced_len {
+										println!(
+											"({}) RECV NOT ENOUGH {} / {}",
+											id, total_recv, total_len
+										);
+									}
 								}
 							}
 						}

src/server.rs

@@ -141,6 +141,7 @@ pub async fn play(
 				.with_no_client_auth()
 				.with_cert_resolver(Arc::new(resolver));
 			config.max_early_data_size = 8192;
+			config.key_log = Arc::new(tokio_rustls::rustls::KeyLogFile::new());
 			let config = Arc::new(config);
 
 			let listener = TcpListener::bind(listen_addr).await.unwrap();