RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys


Greg Rubin
This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating of an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease in debugging TLS problems.

(Note: I am covered by the Amazon corporate contribution agreement).

-------------

Commit messages:
 - 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Changes: https://git.openjdk.java.net/jdk/pull/2896/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2896&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8262880
  Stats: 327 lines in 5 files changed: 327 ins; 0 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2896.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2896/head:pull/2896

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Volker Simonis-3
On Tue, 9 Mar 2021 17:18:39 GMT, SalusaSecondus <[hidden email]> wrote:

> This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating of an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease in debugging TLS problems.
>
> (Note: I am covered by the Amazon corporate contribution agreement).

I can confirm that @SalusaSecondus is covered by the Amazon OCA.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Xue-Lei Andrew Fan
In reply to this post by Greg Rubin
On Tue, 9 Mar 2021 17:18:39 GMT, SalusaSecondus <[hidden email]> wrote:

> This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating of an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease in debugging TLS problems.
>
> (Note: I am covered by the Amazon corporate contribution agreement).

It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger.  Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.

-------------

Changes requested by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Volker Simonis-3
On Thu, 11 Mar 2021 16:33:10 GMT, Xue-Lei Andrew Fan <[hidden email]> wrote:

>> This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating of an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease in debugging TLS problems.
>>
>> (Note: I am covered by the Amazon corporate contribution agreement).
>
> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger.  Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.

I'm happy to create a CSR for this issue once the exact details of the option format have been figured out.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Greg Rubin
On Thu, 11 Mar 2021 18:33:07 GMT, Volker Simonis <[hidden email]> wrote:

>> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger.  Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.
>
> I'm happy to create a CSR for this issue once the exact details of the option format have been figured out.

I am not familiar with either the MSS or XSS log formats and would be interested to see them. The NSS format is a de facto industry standard and already supported by many libraries (both producers and consumers) and thus used widely in the security industry. Most other uses that I can find take this similar pattern of providing a file-name to the TLS logic and then getting key log (in this format) written to that file.

I agree completely that logging secret information is dangerous and should almost never be done. That is why it has to be explicitly enabled (unlike most of the other `javax.net.debug` options) and another reason it is not commingled with the other logging output.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Greg Rubin
In reply to this post by Xue-Lei Andrew Fan
On Thu, 11 Mar 2021 16:33:10 GMT, Xue-Lei Andrew Fan <[hidden email]> wrote:

>> This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating of an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease in debugging TLS problems.
>>
>> (Note: I am covered by the Amazon corporate contribution agreement).
>
> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger.  Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.

@XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Sean Mullan-2
On Thu, 18 Mar 2021 21:26:28 GMT, SalusaSecondus <[hidden email]> wrote:

>> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger.  Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.
>
> @XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.

I am also not comfortable adding this feature to the JDK, especially since every build of the JDK would by default have this feature enabled. Logging sensitive information to log files is not good security practice (there are many references I could cite). I also think it would be too easy to accidentally leave the system property enabled or forget to remove the file.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Greg Rubin
On Fri, 19 Mar 2021 12:45:43 GMT, Sean Mullan <[hidden email]> wrote:

>> @XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.
>
> I am also not comfortable adding this feature to the JDK, especially since every build of the JDK would by default have this feature enabled. Logging sensitive information to log files is not good security practice (there are many references I could cite). I also think it would be too easy to accidentally leave the system property enabled or forget to remove the file.

I think that there might be some confusion around the sensitivity of the data being logged. The security impact of this data is almost identical to passing `-Djavax.net.debug=plaintext,packet` to the JVM. This existing setting logs all plaintext (as well as wire-data) to STDERR. The new feature I'm proposing just lets a second application decrypt the wire-data to access the plaintext, which results in the same level of exposed data. (As an improvement over the existing feature, it outputs the data in a standardized format so that it is easier to analyze rather than being in a Java-specific format and co-mingled with all other STDERR output.)

Similar to the existing feature, the data logged only impacts the exact connections that it is enabled for. (These are ephemeral session-specific secrets).

I hope that this helps to ease some concerns and help explain why this exact feature is present in so many existing applications (including OpenSSL, BoringSSL, WolfSSL, s2n, Mozilla, and Chrome, among others).  If you would like to try it with your current Chrome browser, just add ` --ssl-key-log-file=/path/to/chrome_keys.txt` to the command-line. For Firefox, I believe you need to set the `SSLKEYLOGFILE` environment variable to the name of the log-file.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896
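
The key log format and the "forgotten file" concern discussed in this thread, as an added example that is not part of the original posts or of the PR: a Python audit that recognizes NSS Key Log entries in a file and reports how many sessions it exposes and whether other users can read it. The function names are hypothetical and the sample data is constructed; the labels and field sizes are those of the NSS Key Log Format.

```python
import os
import re
import stat
from collections import Counter

# Labels used by the NSS Key Log Format and the secret sizes (bytes) each allows.
SECRET_SIZES = {"CLIENT_RANDOM": {48}}          # TLS 1.2 master secret
for _label in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
               "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
               "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"):
    SECRET_SIZES[_label] = {32, 48}             # TLS 1.3: SHA-256 or SHA-384 output
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog_line(line):
    """Return (label, client_random, secret_bytes) for a valid entry, else None.
    The secret itself is never returned, only its length."""
    parts = line.split()
    if len(parts) != 3 or parts[0] not in SECRET_SIZES:
        return None                              # comment, blank or unrelated line
    label, client_random, secret = parts
    if not (HEX.fullmatch(client_random) and HEX.fullmatch(secret)):
        return None
    if len(client_random) != 64 or len(secret) % 2:
        return None                              # client random is always 32 bytes
    if len(secret) // 2 not in SECRET_SIZES[label]:
        return None
    return label, client_random.lower(), len(secret) // 2

def audit_keylog(path):
    """Summarize a suspected key log file without echoing any secret."""
    counts, sessions = Counter(), set()
    with open(path, encoding="ascii", errors="replace") as fh:
        for line in fh:
            entry = parse_keylog_line(line)
            if entry:
                counts[entry[0]] += 1
                sessions.add(entry[1])           # one client random per handshake
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"entries": dict(counts), "sessions": len(sessions),
            "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}

# Constructed sample, not real key material.
CONSTRUCTED_SAMPLE = "\n".join([
    "# constructed sample key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "dd" * 16,   # wrong secret length: rejected
    "an unrelated application log line",               # ignored
]) + "\n"

def write_constructed_sample(path, mode=0o644):
    with open(path, "w", encoding="ascii") as fh:
        fh.write(CONSTRUCTED_SAMPLE)
    os.chmod(path, mode)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "keys.txt")
        write_constructed_sample(sample)
        print(audit_keylog(sample))
```
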

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

raell
In reply to this post by Sean Mullan-2
Hi all,

I very much appreciate @SalusaSecondus' idea for providing a key logger.

For, when working with networks, it's quite natural to analyze message flow
with help of Wireshark. In TLS 1.3 this isn't possible without a key log
because most parts of the handshake messages are encrypted. So, if both,
client and server, are Java apps, it isn't possible to trace the message flow
with Wireshark. That's a great disadvantage.

To give an example: I'm running a https client based on SSLEngine and an
AsynchronousSocketChannel. The entries in the log provided by javax.net.debug=ssl
arise from SSLEngine, but the messages themselves are sent by the channel. So it is
not possible to check what messages are actually sent over the network
(I could have made a programming error in using the data provided by
the SSLEngine or something could go wrong within the channel).
Therefore, being able to produce a key log on the Java client side and
to observe the messages and their content in Wireshark, would be very
helpful.

Concerning the security issue: Of course, holding keys is always a risk.
But if one stores the output of javax.net.debug in a file, then an attacker
who has access to the system could read decrypted messages as well. But, of
course, the implementation of a key logger in Java has to ensure that no
key log is produced by default but only if it is explicitly enabled
(similar to javax.net.debug).

I would be very glad if there would be a chance to implement @SalusaSecondus'
proposal in some way because a key logger would be really helpful for
doing networking with Java.

Regards,

Ralph

Sent: Friday, 19 March 2021 at 13:48
From: "Sean Mullan" <[hidden email]>
To: [hidden email]
Subject: Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys
On Thu, 18 Mar 2021 21:26:28 GMT, SalusaSecondus <[hidden email]> wrote:

>> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger. Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.
>
> @XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.

I am also not comfortable adding this feature to the JDK, especially since every build of the JDK would by default have this feature enabled. Logging sensitive information to log files is not good security practice (there are many references I could cite). I also think it would be too easy to accidentally leave the system property enabled or forget to remove the file.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Bernd Eckenfels-4
Hello,

I agree with the need for such a facility.

Instead, or in addition to a key log a session handshake listener with access to the handshake result (and the master key) would also be useful for auditing, renegotiation limiting and key logging. It can even be used for things like priming introspecting firewalls.

There is not yet a good official platform API with access to that kind of information (and proxying client Hello packages to get the offered ciphers is really ugly). With the API an Adapter which can write NSS Keylogs can be provided by users and you don’t have to worry about having debug logging Code expose secrets.

Regards
Bernd

--
http://bernd.eckenfels.net

From: security-dev <[hidden email]> on behalf of [hidden email] <[hidden email]>
Sent: Tuesday, March 23, 2021 6:36:06 PM
To: [hidden email] <[hidden email]>
Subject: Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Hi all,

I very much appreciate @SalusaSecondus' idea for providing a key logger.

For, when working with networks, it's quite natural to analyze message flow
with help of Wireshark. In TLS 1.3 this isn't possible without a key log
because most parts of the handshake messages are encrypted. So, if both,
client and server, are Java apps, it isn't possible to trace the message flow
with Wireshark. That's a great disadvantage.

To give an example: I'm running a https client based on SSLEngine and an
AsynchronousSocketChannel. The entries in the log provided by javax.net.debug=ssl
arise from SSLEngine, but the messages themselves are sent by the channel. So it is
not possible to check what messages are actually sent over the network
(I could have made a programming error in using the data provided by
the SSLEngine or something could go wrong within the channel).
Therefore, being able to produce a key log on the Java client side and
to observe the messages and their content in Wireshark, would be very
helpful.

Concerning the security issue: Of course, holding keys is always a risk.
But if one stores the output of javax.net.debug in a file, then an attacker
who has access to the system could read decrypted messages as well. But, of
course, the implementation of a key logger in Java has to ensure that no
key log is produced by default but only if it is explicitly enabled
(similar to javax.net.debug).

I would be very glad if there would be a chance to implement @SalusaSecondus'
proposal in some way because a key logger would be really helpful for
doing networking with Java.

Regards,

Ralph

Sent: Friday, 19 March 2021 at 13:48
From: "Sean Mullan" <[hidden email]>
To: [hidden email]
Subject: Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys
On Thu, 18 Mar 2021 21:26:28 GMT, SalusaSecondus <[hidden email]> wrote:

>> It is not good practice to leave secret information in debug log. Also, it may be not a good practice to introduce new logger format, including file and NSS format, into the SSLLogger. Someone also may want to introduce log format for MSS or XSS as well. Instead, please consider to make use of the features of Java Logger if you want to write the log to files, or use any special format.
>
> @XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.

I am also not comfortable adding this feature to the JDK, especially since every build of the JDK would by default have this feature enabled. Logging sensitive information to log files is not good security practice (there are many references I could cite). I also think it would be too easy to accidentally leave the system property enabled or forget to remove the file.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

Re: RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

Jamil Nimeh-2
In reply to this post by Greg Rubin
On Fri, 19 Mar 2021 14:46:38 GMT, Greg Rubin <[hidden email]> wrote:

>> I am also not comfortable adding this feature to the JDK, especially since every build of the JDK would by default have this feature enabled. Logging sensitive information to log files is not good security practice (there are many references I could cite). I also think it would be too easy to accidentally leave the system property enabled or forget to remove the file.
>
> I think that there might be some confusion around the sensitivity of the data being logged. The security impact of this data is almost identical to passing `-Djavax.net.debug=plaintext,packet` to the JVM. This existing setting logs all plaintext (as well as wire-data) to STDERR. The new feature I'm proposing just lets a second application decrypt the wire-data to access the plaintext, which results in the same level of exposed data. (As an improvement over the existing feature, it outputs the data in a standardized format so that it is easier to analyze rather than being in a Java-specific format and co-mingled with all other STDERR output.)
>
> Similar to the existing feature, the data logged only impacts the exact connections that it is enabled for. (These are ephemeral session-specific secrets).
>
> I hope that this helps to ease some concerns and help explain why this exact feature is present in so many existing applications (including OpenSSL, BoringSSL, WolfSSL, s2n, Mozilla, and Chrome, among others).  If you would like to try it with your current Chrome browser, just add ` --ssl-key-log-file=/path/to/chrome_keys.txt` to the command-line. For Firefox, I believe you need to set the `SSLKEYLOGFILE` environment variable to the name of the log-file.

I agree with Bernd, an API gives us some more flexibility.  I like the functionality provided by a key logging feature, but an API-based approach is more appropriate for the platform, and it more closely resembles what OpenSSL and GnuTLS are doing with callback registration.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896