Class SslMasterKeyHandler

  • All Implemented Interfaces:
    ChannelHandler

    public abstract class SslMasterKeyHandler
    extends Object
    implements ChannelHandler
    The SslMasterKeyHandler is a channel handler you can include in your pipeline to consume the master key and session identifier of a TLS session. For instance, the SslMasterKeyHandler.WiresharkSslMasterKeyHandler implementation logs the secret and identifier in a format that Wireshark can consume, allowing easy decryption of pcap/tcpdump captures.
    • Field Detail

      • SYSTEM_PROP_KEY

        public static final String SYSTEM_PROP_KEY
        A system property that can be used to turn the SslMasterKeyHandler on or off dynamically without having to edit your pipeline:
        -Dio.netty5.ssl.masterKeyHandler=true
        See Also:
        Constant Field Values
    • Constructor Detail

      • SslMasterKeyHandler

        protected SslMasterKeyHandler()
        Constructor.
    • Method Detail

      • ensureSunSslEngineAvailability

        public static void ensureSunSslEngineAvailability()
        Ensure that SSLSessionImpl is available.
        Throws:
        UnsatisfiedLinkError - if unavailable
      • sunSslEngineUnavailabilityCause

        public static Throwable sunSslEngineUnavailabilityCause()
        Returns the cause of unavailability.
        Returns:
        the cause if unavailable. null if available.
      • isSunSslEngineAvailable

        public static boolean isSunSslEngineAvailable()
      • accept

        protected abstract void accept(SecretKey masterKey,
                                       SSLSession session)
        Consume the master key for the session and the session ID.
        Parameters:
        masterKey - A 48-byte secret shared between the client and server.
        session - The current TLS session
      • masterKeyHandlerEnabled

        protected boolean masterKeyHandlerEnabled()
        Checks if the handler is set up to actually handle/accept the event. By default the SYSTEM_PROP_KEY property is checked, but any implementations of this class are free to override if they have different mechanisms of checking.
        Returns:
        true if it should handle, false otherwise.
      • newWireSharkSslMasterKeyHandler

        public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
        Create a SslMasterKeyHandler.WiresharkSslMasterKeyHandler instance. This TLS master key handler logs the master key and session ID in a format understood by Wireshark. This can be especially useful if you ever need to decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman). The key and session identifier are forwarded to the log named 'io.netty5.wireshark'.
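
Added example, not part of the Netty documentation or code base: a subclass that implements accept and overrides masterKeyHandlerEnabled so that key material goes to an owner-only file instead of a shared application log. The class name FileKeyLogHandler, the import package, the POSIX file system and the "RSA Session-ID / Master-Key" line layout (Wireshark's session-ID key-log form) are assumptions.

```java
import io.netty5.handler.ssl.SslMasterKeyHandler; // package name is an assumption
import javax.crypto.SecretKey;
import javax.net.ssl.SSLSession;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermissions;

/** Hypothetical subclass: appends key-log lines to an owner-only file. */
public final class FileKeyLogHandler extends SslMasterKeyHandler {
    private final Path keyLog;

    public FileKeyLogHandler(Path keyLog) throws IOException {
        this.keyLog = keyLog;
        if (Files.notExists(keyLog)) {
            // rw-------: these secrets decrypt captured traffic (POSIX file systems only).
            Files.createFile(keyLog, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        }
    }

    @Override
    protected boolean masterKeyHandlerEnabled() {
        // Keep the SYSTEM_PROP_KEY switch and fail closed if the file is not writable.
        return super.masterKeyHandlerEnabled() && Files.isWritable(keyLog);
    }

    @Override
    protected void accept(SecretKey masterKey, SSLSession session) {
        byte[] key = masterKey.getEncoded();
        // The page documents a 48-byte master key; skip anything else.
        if (key == null || key.length != 48) return;
        // Assumed layout: Wireshark's "RSA Session-ID:<hex> Master-Key:<hex>" line.
        String line = "RSA Session-ID:" + hex(session.getId())
                + " Master-Key:" + hex(key) + System.lineSeparator();
        try {
            Files.writeString(keyLog, line, StandardOpenOption.APPEND);
        } catch (IOException e) {
            throw new UncheckedIOException(e); // surface the failure, do not drop keys silently
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }
}
```

Because the handler stays inert unless -Dio.netty5.ssl.masterKeyHandler=true is set, checking production JVM arguments for that property is a quick way to confirm key logging is off.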