[SR-Users] Re: SSL key logger for Diffie-Hellman cipher

Calvin, Thanks for sharing this, just a question, do you use system-provided OpenSSL or tlsa ? Le mar. 30 janv. 2024 à 03:00, Calvin E. via sr-users < sr-users(a)lists.kamailio.org&gt; a écrit : > It turns out the system I was on really > uses /lib/systemd/system/kamailio.service, despite /etc/init.d/kamailio > also existing. > > I was able to make it work by following the Systemd process: > > mkdir /etc/default/kamailio.d/ > edit /etc/default/kamailio.d/voipmonitor > add lines: > SSLKEYLOG_UDP='127.0.0.1:1234' > LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so > /usr/lib/x86_64-linux-gnu/libssl.so.3" > > The keys are captured by the VoIPmonitor sniffer and everything works > as expected from there. I'd be happy to explain further to anyone > interested in this setup. > > On Sun, Jan 28, 2024 at 3:20 AM Sergey Safarov &lt;s.safarov(a)gmail.com&gt; > wrote: > >> You can check this PR >> https://github.com/kamailio/kamailio/pull/2785 >> >> On Fri, Jan 26, 2024 at 8:58 PM Calvin E. via sr-users < >> sr-users(a)lists.kamailio.org&gt; wrote: >> >>> I've been tasked to use LD_PRELOAD to log SSL keys for TLS >>> connections using a Diffie-Hellman cipher. The first attempt did not work, >>> so I wanted to sanity check whether Kamailio's TLS support is built in such >>> a way that would defeat LD_PRELOAD. >>> >>> The instructions from the vendor are to update /etc/init.d/kamailio >>> like this: >>> >>> env SSLKEYLOG_UDP='127.0.0.1:1234' >>> LD_PRELOAD="/usr/local/src/voipmonitor-git/tools/ssl_keylogger/sslkeylog.so >>> /usr/lib/x86_64-linux-gnu/libssl.so.3" \ >>> start-stop-daemon --start --quiet --pidfile $PIDFILE \ >>> --exec $DAEMON -- $OPTIONS || log_failure_msg " >>> already running" >>> >>> Is there anything special in Kamailio (5.7.3 on Debian 12) that >>> would prevent this from working? Not necessarily something to defeat a >>> keylogger, but maybe the way tls.so gets loaded? >>> >>> The only discrepancy I've noticed is the vendor docs refer >>> to libssl.so.3 not libssl.so.1, but the vendor said that should be OK. >>> >>> I'd love to hear from someone already using VoIPmonitor >>> with Diffie-Hellman ciphers and Kamailio. >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply >>> only to the sender! >>> Edit mailing list options or unsubscribe: >>> >> __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only > to the sender! > Edit mailing list options or unsubscribe: > -- Best regards, Ihor (Igor) __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: