Add support for NSS Key Log Format for the TLSConfig options #10378
Description
As we add more features on top of Central Management, and since all communication between the beat and the server is encrypted, we need to make sure we can debug any problematic situation.
Listening to packets with Wireshark between beats and the remote endpoint is a good way to understand what is going on at the communication level, but since all communication is encrypted it's hard to get access to the plain text exchanged.
Adding support for the NSS Key Log format as a debugging tool to all the TLSConfig options looked like a good idea, since both Wireshark and Go's crypto/tls support this format out of the box:
```go
// KeyLogWriter optionally specifies a destination for TLS master secrets
// in NSS key log format that can be used to allow external programs
// such as Wireshark to decrypt TLS connections.
// See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
// Use of KeyLogWriter compromises security and should only be
// used for debugging.
KeyLogWriter io.Writer // Go 1.8
// contains filtered or unexported fields
}
```
I propose that we add a new TLS option named `key_log` that will look like this:
```yaml
key_log:
  enabled: true
  path: /tmp/my_nss.log
```
Since we will leak information, the log will only be generated when the following are true:
- Explicitly enabled
- Debug is on and the `key_log` selector is defined
proposed by @jpcarey