From 89a9f49cf92264692f6828007c0c00cf361c66a8 Mon Sep 17 00:00:00 2001
From: quindecim <49964366+quindecim@users.noreply.github.com>
Date: Fri, 26 May 2023 23:17:11 +0200
Subject: [PATCH] Add suport for TLS key logging

https://github.com/DNSCrypt/dnscrypt-proxy/commit/0c26d1637a8628425476f09c6f27bdbc15116d06
---
 config/dnscrypt-proxy.toml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml
index 68e492c..533d6db 100644
--- a/config/dnscrypt-proxy.toml
+++ b/config/dnscrypt-proxy.toml
@@ -223,6 +223,14 @@ dnscrypt_ephemeral_keys = true
 # tls_cipher_suite = [52392, 49199]


+## Log TLS key material to a file, for debugging purposes only.
+## This file will contain the TLS master key, which can be used to decrypt
+## all TLS traffic to/from DoH servers.
+## Never ever enable except for debugging purposes with a tool such as mitmproxy.
+
+# tls_key_log_file = '/tmp/keylog.txt'
+
+
 ## Bootstrap resolvers
 ##
 ## These are normal, non-encrypted DNS resolvers, that will be only used
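Review bot: The commented example `# tls_key_log_file = '/tmp/keylog.txt'` points at a shared, world-writable directory, so anyone who uncomments it unchanged writes TLS session secrets where other local accounts may be able to read the file or pre-create the path, depending on how the proxy opens it (not visible in this hunk). I would make the example a path inside a directory that only the proxy's user can access, for instance `# tls_key_log_file = '/path/to/private-dir/keylog.txt'` (placeholder path). The warning block would also benefit from one more line such as `## Delete this file and comment the option out again once debugging is finished.`, since the secrets remain usable against any capture of the traffic for as long as the file exists.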