Hi,
I'm not sure if this is really a Wireshark, Go, or Syncthing question,
but I figure I'll try here first:
I'm working on a Syncthing dissector:
https://github.com/tmo1/wireshark-syncthing-dissector
Since most of the Syncthing protocols are encapsulated in TLS, I need
to provide the TLS secrets to Wireshark.
I read this:
https://wiki.wireshark.org/TLS
Syncthing is written in Go and doesn't support SSLKEYLOGFILE, but Go
does have TLS secrets export functionality:
https://pkg.go.dev/crypto/tls#example-Config-KeyLogWriter
So I patched Syncthing to export TLS secrets:
https://github.com/tmo1/syncthing
This works, and various stuff is written to the specified file, but
providing that file to Wireshark doesn't enable TLS decryption. I
examined the file, and I see that it contains
CLIENT_HANDSHAKE_TRAFFIC_SECRET, SERVER_HANDSHAKE_TRAFFIC_SECRET,
CLIENT_TRAFFIC_SECRET_0, and SERVER_TRAFFIC_SECRET_0 lines, but not the
critical CLIENT_RANDOM lines. Am I doing something wrong or missing something?
(For comparison, I tested the SSLKEYLOGFILE functionality with
Chromium; it worked fine, and Wireshark was able to decrypt the
Chromium TLS connections.)
--
Tmore1 <tmore1@xxxxxxx>
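The key log behaviour described in the message above can be reproduced with Go's `crypto/tls` alone. This is an added example, not code from the post or from Syncthing: it runs one in-process handshake per protocol version with `KeyLogWriter` set and shows that Go writes a `CLIENT_RANDOM` line only when TLS 1.2 is negotiated, and the four `*_TRAFFIC_SECRET` labels when TLS 1.3 is negotiated. The names `keyLogLabels` and `check`, the certificate name `keylog.test` and the use of `net.Pipe` are assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// keyLogLabels handshakes in memory at maxVersion and returns the client's key log labels.
func keyLogLabels(maxVersion uint16) []string {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // constructed throwaway server key
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"keylog.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	check(err)
	var keylog bytes.Buffer
	// Demo-only settings: no tickets (net.Pipe is synchronous), no certificate verification.
	srv := &tls.Config{MaxVersion: maxVersion, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	cli := &tls.Config{MaxVersion: maxVersion, InsecureSkipVerify: true, KeyLogWriter: &keylog}
	c, s := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- tls.Server(s, srv).Handshake() }()
	check(tls.Client(c, cli).Handshake())
	check(<-done)
	var labels []string
	for _, line := range strings.Split(strings.TrimSpace(keylog.String()), "\n") {
		label, _, _ := strings.Cut(line, " ") // line: <label> <client_random> <secret>
		labels = append(labels, label)
	}
	return labels
}

func main() {
	fmt.Printf("TLS 1.2: %v\nTLS 1.3: %v\n", keyLogLabels(tls.VersionTLS12), keyLogLabels(tls.VersionTLS13))
}
```

Every line in either format carries the client random as its second field, which is how a key log consumer matches a secret to a captured session.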