Allow easier TLS debugging by Wireshark #8663
Description
Debugging SSL/TLS connections through Wireshark is a pain -- if the cipher used involves Diffie-Hellman then it is essentially impossible unless you can have the client dump out the master key [1].
It would be a great addition to allow Netty to dump the master key for the TLS session, especially in a format that Wireshark can read, such as the NSS key log format [2].
The scenario in which this would be helpful:
I am terminating TLS via Netty on my server. I would like to take a tcpdump and analyze it with Wireshark. If the cipher exchange is Diffie-Hellman, this is impossible, even with the private key.
[1] https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
[2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
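
As an added illustration (not part of the issue and not Netty code), here is a checker for the NSS key log format [2] named above: it validates each line and reports whether the session with a given client random has application-data secrets in the log. The function names and the sample data are constructed for this example.

```python
import re

# Labels from the NSS key log format -> secret length in bytes
# (None: TLS 1.3 secret, 32 or 48 bytes depending on the cipher suite hash).
LABELS = {"CLIENT_RANDOM": 48}  # TLS 1.2 and earlier: 48-byte master secret
LABELS.update(dict.fromkeys([
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"]))
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (secrets, errors); secrets maps client random -> {label: secret}.
    Error entries carry only line number and reason, never key material."""
    secrets, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split(" ")
        if len(parts) != 3 or parts[0] not in LABELS:
            errors.append((n, "not a '<label> <client_random> <secret>' line"))
            continue
        label, rand, secret = parts
        if not HEX.fullmatch(rand) or len(rand) != 64:
            errors.append((n, "client random must be 32 bytes of hex"))
            continue
        want = LABELS[label]
        ok_len = len(secret) == want * 2 if want else len(secret) in (64, 96)
        if not HEX.fullmatch(secret) or not ok_len:
            errors.append((n, "secret has wrong length or is not hex"))
            continue
        secrets.setdefault(rand.lower(), {})[label] = secret.lower()
    return secrets, errors

def has_app_data_secrets(secrets, client_random_hex):
    """True if the log holds the application-data secrets for that session."""
    have = secrets.get(client_random_hex.lower(), {})
    tls13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= set(have)
    return "CLIENT_RANDOM" in have or tls13

# Constructed sample input, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "11" * 32 + " " + "22" * 32,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 20,   # truncated secret
    "SESSION_KEY deadbeef",                            # not a key log line
])
```

A key log file holds the secrets needed to decrypt every session it lists, so it should be written with owner-only permissions and deleted once the capture has been analyzed.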