Dumping key to file

Matt Caswell matt at openssl.org
Wed Mar 10 14:28:51 UTC 2021

On 10/03/2021 13:35, Jeremy Harris wrote:
> On 10/03/2021 13:14, Harish Kulkarni wrote:
>> My application is built along with openssl library source code. We 
>> want to
>> dump keys to a file for decrypting TLS flows from network captures.. is
>> there any flag or environment variable which we can set during building
>> application or while running application.

That is not an OpenSSL environment variable (I think that's an NSS thing).

In order to log keys you need to set the key logging callback via 

The callback needs to look like this:

typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);

It should write the data provided in "line" to wherever you want to 
store the key data.


If you are using the OpenSSL command line then you can use the 
"-keylogfile" option to s_client or s_server to specify the filename for 
where you want keys logged.


More information about the openssl-users mailing list