Issue
Using this simple https server slightly modified to replace var with Java 8 compatible types, I can run it as such:
$ java8 -cp . -Djavax.net.debug=ssl,keygen javatester.SimpleHTTPSServer | grep Nonce -C 5
SESSION KEYGEN:
PreMaster Secret:
0000: A7 7C E0 10 EB E5 7C 16 CF 70 65 30 04 AE 5B BC .........pe0..[.
0010: 6F 61 52 6C FC 71 58 D9 F4 BD 10 70 69 10 62 2A oaRl.qX....pi.b*
CONNECTION KEYGEN:
Client Nonce:
0000: A3 E4 45 27 77 6C 0D 5E BD F1 4E 9D 1E 2E 10 02 ..E'wl.^..N.....
0010: 7F 6E A1 EC C2 BC 40 E3 1E 32 A9 B9 13 3B 6C B5 [email protected]...;l.
Server Nonce:
0000: 5E B5 99 F9 02 EE C3 9E 84 30 01 32 B4 04 BA 38 ^........0.2...8
0010: B1 D9 B2 D9 6E 54 F4 4C BF DC 60 98 97 AD 8B B2 ....nT.L..`.....
Master Secret:
0000: D6 14 BF 8E FF 69 93 9C DB 58 35 AC 65 EF 5B A2 .....i...X5.e.[.
0010: 79 D7 3D 67 76 F7 CA 82 69 F9 30 34 9A C8 E7 EB y.=gv...i.04....
These values I can use to create a Wireshark-capable premaster secret log file to decode the connection. However, when I run this with jdk 11, I don't get any keygen output:
$ java11 -cp . -Djavax.net.debug=ssl,keygen javatester.SimpleHTTPSServer
Start single-threaded server at /0.0.0.0:8443
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:10.479 EDT|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.367 EDT|SSLCipher.java:1824|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.369 EDT|SSLCipher.java:1978|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|01|main|2020-05-08 13:51:24.382 EDT|X509Authentication.java:243|No X.509 cert selected for EC
javax.net.ssl|ALL|01|main|2020-05-08 13:51:24.382 EDT|X509Authentication.java:243|No X.509 cert selected for EC
javax.net.ssl|ALL|01|main|2020-05-08 13:51:24.382 EDT|X509Authentication.java:243|No X.509 cert selected for EC
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.414 EDT|SSLCipher.java:1978|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.417 EDT|SSLCipher.java:1824|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
GET / HTTP/1.1
Host: localhost:8443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
javax.net.ssl|ALL|01|main|2020-05-08 13:51:24.423 EDT|SSLSocketImpl.java:1002|Closing output stream
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.423 EDT|SSLSocketImpl.java:670|close outbound of SSLSocket
javax.net.ssl|ALL|01|main|2020-05-08 13:51:24.424 EDT|SSLSocketImpl.java:877|Closing input stream
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.425 EDT|SSLSocketImpl.java:636|close inbound of SSLSocket
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.425 EDT|SSLSocketImpl.java:473|duplex close of SSLSocket
javax.net.ssl|DEBUG|01|main|2020-05-08 13:51:24.425 EDT|SSLSocketImpl.java:1381|close the SSL connection (passive)
I wondered if this was no longer supported, but the help command suggests it is:
$ java11 -cp . -Djavax.net.debug=help javatester.SimpleHTTPSServer
(...snipped)
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
(snipped...)
How can I export the premaster secret from jdk11 connections so I can use them in Wireshark?
Solution
If the newer Java versions do no longer output the pre-master secret you can use the project extract-tls-secrets.
Decrypt HTTPS/TLS connections on-the-fly. Extract the shared secrets from secure TLS connections for use with Wireshark. Attach to a Java process on either side of the connection to start decrypting.
The code of this project can be injected at start-up into the TLS server or client using the javaagent
system, or you can connect to an existing Java process (I assume via Java debugger interface).
Answered By - Robert
Answer Checked By - Candace Johnson (JavaFixing Volunteer)