MbedTLS
A wrapper around the mbed TLS and cryptography C library.
Current supported mbedtls version: 2.16.0 (from MbedTLS_jll.jl)
Usage:
using MbedTLS
using Sockets
using Test
sock = connect("httpbin.org", 443)
entropy = MbedTLS.Entropy()
rng = MbedTLS.CtrDrbg()
MbedTLS.seed!(rng, entropy)
ctx = MbedTLS.SSLContext()
conf = MbedTLS.SSLConfig()
MbedTLS.config_defaults!(conf)
MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED)  # abort the handshake if the certificate chain does not verify
MbedTLS.rng!(conf, rng)
function show_debug(level, filename, number, msg)
    @show level, filename, number, msg
end
MbedTLS.dbg!(conf, show_debug)
MbedTLS.ca_chain!(conf)  # trust the default CA chain
MbedTLS.setup!(ctx, conf)
MbedTLS.hostname!(ctx, "httpbin.org")  # expected server name: sent as SNI and checked against the certificate
MbedTLS.set_bio!(ctx, sock)
MbedTLS.handshake(ctx)
write(ctx, "GET / HTTP/1.1\r\nHost: httpbin.org\r\n\r\n")
buf = String(read(ctx, 100))
@test occursin(r"^HTTP/1.1 200 OK", buf)  # occursin replaces ismatch, which was removed in Julia 1.0
Debugging with Wireshark.
MbedTLS.jl can optionally log TLS session keys in NSS Key Log Format.
e.g.
using HTTP
using MbedTLS
c = MbedTLS.SSLConfig(true, log_secrets="/Users/sam/stuff/secret_key_log")
HTTP.get("https://httpbin.org/ip", sslconfig=c)
Wireshark can be configured to decrypt SSL traffic by setting the location of the key log file under:
Wireshark Preferences -> Protocols -> SSL; (Pre-)Master Secret log filename.
See: https://sharkfesteurope.wireshark.org/assets/presentations17eu/15.pdf
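A key log file holds the secrets needed to decrypt every session recorded in it, so it is worth checking what it contains and who can read it before keeping or sharing it. The following is an added example, not code from MbedTLS.jl: the function name `audit_keylog` is hypothetical, the line layout assumed is the TLS 1.2 NSS form `CLIENT_RANDOM <64 hex chars> <96 hex chars>`, the permission check assumes POSIX file modes, and the sample secrets are constructed.

```julia
# Added example (not part of MbedTLS.jl): audit an NSS key log file.
# Assumed line layout (TLS 1.2): CLIENT_RANDOM <64 hex chars> <96 hex chars>
const KEYLOG_LINE = r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$"

"""
    audit_keylog(path) -> NamedTuple

Count the distinct sessions whose secrets are logged, collect the numbers of
malformed lines, and report whether group or others have any access to the file.
"""
function audit_keylog(path::AbstractString)
    sessions = Set{String}()   # distinct client randoms = decryptable sessions
    malformed = Int[]          # line numbers that do not match the layout
    for (n, line) in enumerate(eachline(path))
        s = strip(line)
        # Blank lines and '#' comments are permitted in the key log format.
        (isempty(s) || startswith(s, "#")) && continue
        m = match(KEYLOG_LINE, s)
        if m === nothing
            push!(malformed, n)
        else
            push!(sessions, lowercase(m.captures[1]))
        end
    end
    mode = filemode(path) & 0o777          # POSIX permission bits only
    return (sessions = length(sessions),
            malformed = malformed,
            mode = string(mode, base = 8),
            exposed = (mode & 0o077) != 0)  # any group/other bit set
end

# Constructed sample input: fake secrets written to a temporary file.
path, io = mktemp()
println(io, "# constructed sample key log")
println(io, "CLIENT_RANDOM ", "ab"^32, " ", "cd"^48)
println(io, "CLIENT_RANDOM ", "12"^32, " ", "34"^48)
println(io, "CLIENT_RANDOM deadbeef truncated")   # malformed on purpose
close(io)

chmod(path, 0o644)            # readable by group and others
@show audit_keylog(path)

chmod(path, 0o600)            # owner-only, the mode a key log should have
@show audit_keylog(path)
rm(path)                      # delete the secrets once debugging is done
```

Turn `log_secrets` off outside of debugging sessions; a key log left next to a packet capture removes the confidentiality of every session it lists.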