
Can't Export TLS keys using SSLKEYLOGFILE with Total Security Installed


Posted

For network analysts it is common practice to export TLS keys from applications.

This is in accordance with RFCs and is achieved by setting an environment variable SSLKEYLOGFILE.

 

I have recently discovered that with Kaspersky Total Security installed my keys are no longer properly exported.

Pausing protection doesn’t solve the issue; I had to exit the product.

Does anyone know of a setting that can be changed that will allow me to keep my Total Internet Security package running but still export TLS keys?

 

Thanks for your help

Posted

The problem is cured by using Settings → Network Settings → Do not scan encrypted connections.

However this obviously decreases security.
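A way to confirm whether the file named by SSLKEYLOGFILE is being populated properly, for instance before and after changing the setting above, is to check it for well-formed and complete entries. The Python below is an added example, not part of the original posts; it assumes the NSS key log format, and the function names and sample data are constructed for illustration.

```python
import re

# Labels of the NSS key log format. A TLS 1.3 session needs all four traffic
# secrets (handshake + application, both directions) to decrypt fully.
TLS13_FULL = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
              "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN = TLS13_FULL | {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
                      "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_keylog(text):
    """Return (sessions, bad_lines): labels per client random, malformed line numbers."""
    sessions, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):      # blank lines and comments are legal
            continue
        parts = line.split()
        ok = (len(parts) == 3 and parts[0] in KNOWN
              and bool(HEX.fullmatch(parts[1])) and len(parts[1]) == 64  # 32-byte random
              and bool(HEX.fullmatch(parts[2])) and len(parts[2]) % 2 == 0
              # a TLS 1.2 master secret is always 48 bytes (96 hex characters)
              and (parts[0] != "CLIENT_RANDOM" or len(parts[2]) == 96))
        if ok:
            sessions.setdefault(parts[1].lower(), set()).add(parts[0])
        else:
            bad.append(n)
    return sessions, bad

def incomplete_sessions(sessions):
    """Client randoms whose logged secrets cannot decrypt the full conversation."""
    return sorted(cr for cr, labels in sessions.items()
                  if "CLIENT_RANDOM" not in labels and not TLS13_FULL <= labels)

# Constructed sample (not real key material): one TLS 1.2 session, two partial
# TLS 1.3 sessions, and one truncated line.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "33" * 32 + " " + "dd" * 32,
    "CLIENT_RANDOM " + "44" * 32 + " " + "ee" * 10,
])

if __name__ == "__main__":
    import os, sys
    path = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SSLKEYLOGFILE")
    sessions, bad = check_keylog(open(path).read() if path else SAMPLE)
    print(len(sessions), "sessions; malformed:", bad, "; incomplete:", incomplete_sessions(sessions))
```

Run with no argument, it reads the file named by SSLKEYLOGFILE if that variable is set and falls back to the constructed sample otherwise.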

Flood and Flood's wife
Posted

Hello @PCrossley

Welcome!

Thank you for the extra information! 

We were just discussing this. Log a case with Kaspersky support, either via Chat or Email; select Application malfunction, Other template. Support may request logs, traces & other data; they will guide you.

  • If selecting Chat option, we recommend you request a copy of the chat transcript, make sure you fill in your email address AFTER the chat is activated by the Chat agent & complete the Verify your email address email AFTER the chat completes.
  • When it’s available, please share the outcome with the Community? 

Thank you🙏

Flood🐳+🐋

Posted

Thanks Flood

I have already reported it.

I suspect that the use of the TLS key export feature is so rare that it is unlikely to get much priority.

However I’ve suggested they provide a command line function that will pass the value of SSLKEYLOGFILE to the proxy they use to scan encrypted connections so that it can populate the file itself.

I only need the function occasionally, so for now I can live with turning encrypted session scanning off and on when I need to, but I suspect others might look for a different product.

 

Paul

Flood and Flood's wife
Posted
  1. I have already reported it.
  2. I suspect that the use of the TLS key export feature is so rare that it is unlikely to get much priority.

Hello @PCrossley, Paul,

You’re most welcome!

  1. Bravo👍  It sounds like a good solution👏
  2. You may be right, however, occasionally, the developers have surprised even those of us who’ve grown mouldy & jaded waiting for changes; not wishing to give false hope, but, let’s wait & see; sometimes, such a change may have benefits for other “problems”. 
  • Not sure how they’ve managed the INC# you’ve submitted, if it’s classified as a Suggestion, they’ll eventually (soon) close the INC, telling you to “keep a eye out”, i.e., no-one tells you if the change has been processed; that’s unfortunate for users, should you need or wish to make a query about the issue in the future, you’ll be required to raise a new INC# → IF the proposed change takes 2 or more years & you make an enquiry per year…. you get the drift😥

Obviously, if you get a result, please share it with the Community please? 

Thank you🙏

Flood🐳+🐋
