Background
- I want to capture and decrypt TLS packets from
curl.exe included with Windows.
curl in the Linux environment supports the SSLKEYLOGFILE environment variable to export a TLS session key.- Wireshark can import the TLS session key to decrypt captured TLS packets.
Problem
When I tried to export a TLS session key with the following command, nothing was exported to the specified path.
PS C:\tmp> $env:SSLKEYLOGFILE='C:/tmp/sslkey.log'; curl.exe -s
TESTFROMCURL
PS C:\tmp> ls C:/tmp/sslkey.log
ls : Cannot find path 'C:\tmp\sslkey.log' because it does not exist.
At line:1 char:1
+ ls C:/tmp/sslkey.log
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\tmp\sslkey.log:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
What I investigated
curl.exe --version is like this. It says curl.exe is built with Schannel rather than OpenSSL or LibreSSL.
PS C:\tmp> curl.exe --version
curl 8.10.1 (Windows) libcurl/8.10.1 Schannel zlib/1.3 WinIDN
Release-Date: 2024-09-18
Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets
Everything curl says SSLKEYLOGFILE requires OpenSSL, LibreSSL, BoringSSL, GnuTLS, or wolfSSL.
/usingcurl/tls/sslkeylogfile.html#restrictions
Question
Is there any way to decrypt TLS packets from curl.exe that is included with Windows? Is there any alternative to SSLKEYLOGFILE?
