Package io.netty.handler.ssl

Class SslMasterKeyHandler

  • All Implemented Interfaces:
    ChannelHandler, ChannelInboundHandler
    public abstract class SslMasterKeyHandler
extends ChannelInboundHandlerAdapter
    The SslMasterKeyHandler is a channel-handler you can include in your pipeline to consume the master key & session identifier for a TLS session. This can be very useful, for instance the SslMasterKeyHandler.WiresharkSslMasterKeyHandler implementation will log the secret & identifier in a format that is consumable by Wireshark -- allowing easy decryption of pcap/tcpdumps.

    • Field Detail

      • SYSTEM_PROP_KEY

        public static final java.lang.String SYSTEM_PROP_KEY
        A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline. -Dio.netty.ssl.masterKeyHandler=true
        See Also:
        Constant Field Values

    • Constructor Detail

      • SslMasterKeyHandler

        protected SslMasterKeyHandler()
        Constructor.

    • Method Detail

      • ensureSunSslEngineAvailability

        public static void ensureSunSslEngineAvailability()
        Ensure that SSLSessionImpl is available.
        Throws:
        java.lang.UnsatisfiedLinkError - if unavailable

      • sunSslEngineUnavailabilityCause

        public static java.lang.Throwable sunSslEngineUnavailabilityCause()
        Returns the cause of unavailability.
        Returns:
        the cause if unavailable. null if available.

      • isSunSslEngineAvailable

        public static boolean isSunSslEngineAvailable()

      • accept

        protected abstract void accept​(javax.crypto.SecretKey masterKey,
                               javax.net.ssl.SSLSession session)
        Consume the master key for the session and the sessionId
        Parameters:
        masterKey - A 48-byte secret shared between the client and server.
        session - The current TLS session

      • masterKeyHandlerEnabled

        protected boolean masterKeyHandlerEnabled()
        Checks if the handler is set up to actually handle/accept the event. By default the SYSTEM_PROP_KEY property is checked, but any implementations of this class are free to override if they have different mechanisms of checking.
        Returns:
        true if it should handle, false otherwise.

      • newWireSharkSslMasterKeyHandler

        public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
        Create a SslMasterKeyHandler.WiresharkSslMasterKeyHandler instance. This TLS master key handler logs the master key and session-id in a format understood by Wireshark -- this can be especially useful if you need to ever decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman) The key and session identifier are forwarded to the log named 'io.netty.wireshark'.