SSLKEYLOGFILE docs

3 files changed, 10 insertions, 0 deletions

diff --git a/doc-src/_nav.html b/doc-src/_nav.html
index 6c3afbe1..69175c0c 100644
--- a/doc-src/_nav.html
+++ b/doc-src/_nav.html
@@ -56,4 +56,5 @@
     <li class="nav-header">Hacking</li>
         $!nav("dev/architecture.html", this, state)!$
         $!nav("dev/testing.html", this, state)!$
+        $!nav("dev/sslkeylogfile.html", this, state)!$
 </ul>
diff --git a/doc-src/dev/index.py b/doc-src/dev/index.py
index bb7872c7..0f2a6494 100644
--- a/doc-src/dev/index.py
+++ b/doc-src/dev/index.py
@@ -3,5 +3,6 @@ from countershape import Page
 pages = [
      Page("testing.html", "Testing"),
      Page("architecture.html", "Architecture"),
+     Page("sslkeylogfile.html", "TLS Master Secrets"),
 #    Page("addingviews.html", "Writing Content Views"),
 ]
diff --git a/doc-src/dev/sslkeylogfile.html b/doc-src/dev/sslkeylogfile.html
new file mode 100644
index 00000000..1826fc2e
--- /dev/null
+++ b/doc-src/dev/sslkeylogfile.html
@@ -0,0 +1,8 @@
+The SSL master keys can be logged by mitmproxy so that external programs can decrypt TLS connections both from and to the proxy.
+Key logging is enabled by setting the environment variable <samp>SSLKEYLOGFILE</samp> so that it points to a writable
+text file. Recent versions of WireShark can use these log files to decrypt packets.
+You can specify the key file path in WireShark via<br>
+<samp>Edit → Preferences → Protocols → SSL → (Pre)-Master-Secret log filename</samp>.
+
+ Note that <samp>SSLKEYLOGFILE</samp> is respected by other programs as well, e.g. Firefox and Chrome.
+If this creates any issues, you can set <samp>MITMPROXY_SSLKEYLOGFILE</samp> alternatively.
\ No newline at end of file