Skip to content
Log in

SSLKEYLOGFILE

Definition

A file format, originally implemented in Mozilla Firefox and later adopted by Chrome and other browsers, that logs TLS session keys as connections are established. When this file is captured alongside a packet capture, tools such as Wireshark can use the keys to decrypt the recorded sessions. Legitimate use requires access to the endpoint generating the traffic.

Related terms

Flow record
A summary record of a network conversation, typically recording source and destination IP addresses and ports, protocol, start time, duration, byte count...
JA3 fingerprint
An MD5 hash computed from selected fields of the TLS Client Hello: the TLS version, cipher suites, extensions, elliptic curves, and elliptic-curve...
Server Name Indication (SNI)
A TLS extension sent in plaintext in the Client Hello message that identifies the hostname the client intends to reach. SNI is...
SSL inspection (TLS interception)
A technique in which an intermediary device terminates an incoming TLS session, inspects the decrypted content, then re-encrypts and forwards it using...
Traffic fingerprinting
The process of identifying an application, protocol, or user action from statistical properties of an encrypted flow, such as packet size distributions,...

Explained in

  • Encrypted Traffic AnalysisA file format, originally implemented in Mozilla Firefox and later adopted by Chrome and other browsers, that logs TLS session keys as connections are establis...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account