Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.
Key logging is enabled by setting the environment variable SSLKEYLOGFILE to point to a file. This file is a series of lines. Comment lines begin with a sharp character ('#') and are ignored. Secrets follow the format <Label> <space> <ClientRandom> <space> <Secret> where:
<Label> describes the following secret.
<ClientRandom> is 64 bytes of hex-encoded Random value from the Client Hello message.
<Secret> depends on the Label (see below).
The following labels are defined, followed by a description of the secret:
RSA: 96 bytes of hex-encoded premaster secret (removed in NSS 3.34)
CLIENT_RANDOM: 96 bytes of hex-encoded master secret (for SSL 3.0, TLS 1.0, 1.1 and 1.2)
CLIENT_EARLY_TRAFFIC_SECRET: the hex-encoded early traffic secret for the client side (for TLS 1.3)
SERVER_EARLY_TRAFFIC_SECRET: the hex-encoded early traffic secret for the server side (for TLS 1.3)
CLIENT_HANDSHAKE_TRAFFIC_SECRET: the hex-encoded handshake traffic secret for the client side (for TLS 1.3)
SERVER_HANDSHAKE_TRAFFIC_SECRET: the hex-encoded handshake traffic secret for the server side (for TLS 1.3)
CLIENT_TRAFFIC_SECRET_0: the first hex-encoded application traffic secret for the client side (for TLS 1.3)
SERVER_TRAFFIC_SECRET_0: the first hex-encoded application traffic secret for the server side (for TLS 1.3)
EARLY_EXPORTER_SECRET: the hex-encoded early exporter secret (for TLS 1.3, used for 0-RTT keys in QUIC).
EXPORTER_SECRET: the hex-encoded exporter secret (for TLS 1.3, used for 1-RTT keys in QUIC)
The RSA form allows cipher suites using RSA key agreement to be logged and was the first form supported by Wireshark 1.6.0. It has been superseded by CLIENT_RANDOM, which also works with other key-agreement algorithms (such as those based on Diffie-Hellman) and is supported since Wireshark 1.8.0.
The TLS 1.3 lines are supported since NSS 3.34 (bug 1287711) and Wireshark 2.4 (EARLY_EXPORTER_SECRET exists since NSS 3.35, bug 1417331). The length of the hex-encoded secret depends on the negotiated cipher suite: it is 64, 96 or 128 for SHA256, SHA384 or SHA512 respectively.
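A small validator for this format, written for this page as an added example (it is not NSS or Wireshark code): it parses a key log, enforces the field and length rules above, and groups the secrets belonging to one Client Hello random the way a decryptor looks them up. The sample log and every secret in it are constructed values, not from a real capture.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

TLS13_LABELS = ("CLIENT_EARLY_TRAFFIC_SECRET", "SERVER_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
                "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
                "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET")
# Allowed <Secret> lengths in hex characters. TLS 1.3 secrets are as long as
# the cipher suite hash: 64, 96 or 128 for SHA256, SHA384 or SHA512.
SECRET_HEX_LENS: Dict[str, Tuple[int, ...]] = {"RSA": (96,), "CLIENT_RANDOM": (96,)}
SECRET_HEX_LENS.update({label: (64, 96, 128) for label in TLS13_LABELS})
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

class KeyLogEntry(NamedTuple):
    label: str
    client_random: str  # normalised to lowercase hex
    secret: str

def parse_keylog(text: str) -> List[KeyLogEntry]:
    """Parse SSLKEYLOGFILE content; raise ValueError on any malformed line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment lines (and blanks) are ignored
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected '<Label> <ClientRandom> <Secret>'")
        label, client_random, secret = parts
        if label not in SECRET_HEX_LENS:
            raise ValueError(f"line {lineno}: unknown label {label!r}")
        if len(client_random) != 64 or not HEX_RE.match(client_random):
            raise ValueError(f"line {lineno}: ClientRandom must be 64 hex characters")
        if len(secret) not in SECRET_HEX_LENS[label] or not HEX_RE.match(secret):
            raise ValueError(f"line {lineno}: bad secret length {len(secret)} for {label}")
        entries.append(KeyLogEntry(label, client_random.lower(), secret.lower()))
    return entries

def secrets_for_session(entries: List[KeyLogEntry], client_random: str) -> Dict[str, bytes]:
    """Raw secrets for one ClientHello random, keyed by label (a decryptor's lookup)."""
    cr = client_random.lower()
    return {e.label: bytes.fromhex(e.secret) for e in entries if e.client_random == cr}

# Constructed sample: one TLS 1.2 session and one TLS 1.3 session on a SHA256 suite (32-byte secrets).
SAMPLE_KEYLOG = "\n".join([
    "# comment lines are ignored",
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "aa" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "55" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "66" * 32,
])
```

Feeding a real SSLKEYLOGFILE through parse_keylog before handing it to a decryptor catches truncated or hand-edited lines that Wireshark would otherwise silently skip.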
For Wireshark usage, see SSL - Wireshark Wiki.