> On 5 Feb 2024, at 22:38, Максим Чистяков <gods.like.you@xxxxxxxxx> wrote: > > Is there a way to save the pre-master keys which are encrypted TLS handshake between PostgreSQL server and psql client due to a TLS handshake? > For example, in a Chrome you can save those keys due to connecting through HTTPS with option --ssl-key-log-file or an environment variable SSLKEYLOGFILE (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkvECAQ&lang=en_US%E2%80%A9). > I need the similar feature, at least in psql client (ideally, on the postgresql server side too). > > Why I need this: > I'm debugging TLS connection to postgres from a rust application, used postgres-native-tls library. A psql client makes a successful TLS v1.3 connection, but my based on postgres-native-tls client fails with an "error performing TLS handshake" message. I want to dump tcp trafic, and analyze it in the Wireshark, what exactly certificates exchanged between the psql and Postgresql (succeeded TLS session), then between postgres-native-tls and postgres, and then to compare them. Buuut... to view the certificates in Wireshark, you need the TLS pre-master keys to decrypt the Encrypted Extensions packets. There is no such thing, adding it yourself and debug your application using a custom build is probably your best option. -- Daniel Gustafsson
