3.11.39. TLS_KeylogFilename

Sets the name of the file Radiator uses for logging TLS key material. The TLS key log allows full decryption of EAP and Stream SSL/TLS sessions, including those that have forward secrecy enabled. To avoid security issues, use the TLS key log only for debugging.
The keylog file is written in NSS Key Log Format, also known as SSLKEYLOGFILE. Tools such as Wireshark can read this file and fully decrypt TLS traffic, including sessions that have forward secrecy enabled.
# Enable when debugging, remove when in production
TLS_KeylogFilename %L/radsec-keylog
DANGER
Keylog should only be used for debugging to avoid security issues.
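The following pre-deployment check is an added example, not part of Radiator or its documentation. It flags active TLS_KeylogFilename directives in a configuration file and counts well-formed NSS Key Log Format records in a file that may have been left behind. The function names and the sample configuration and key log text are constructed for illustration, and the filename is reported as written, without expanding %L.

```python
import re

# Labels defined by the NSS Key Log Format (TLS 1.2 and TLS 1.3 secrets).
NSS_LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
DIRECTIVE = re.compile(r"^\s*TLS_KeylogFilename\s+(\S.*?)\s*$")
# Record layout: <label> <32-byte client random in hex> <secret in hex>
KEYLOG_LINE = re.compile(r"^(\S+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def find_keylog_directives(config_text):
    """Return (line_number, filename) for each active TLS_KeylogFilename."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive is inactive
        match = DIRECTIVE.match(line)
        if match:
            hits.append((number, match.group(1)))
    return hits

def count_key_records(file_text):
    """Count lines that are well-formed NSS key log records."""
    count = 0
    for line in file_text.splitlines():
        match = KEYLOG_LINE.match(line.strip())
        if match and match.group(1) in NSS_LABELS:
            count += 1
    return count

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONFIG = """\
<ServerRADSEC>
    Port 2083
    # TLS_KeylogFilename %L/old-keylog
    TLS_KeylogFilename %L/radsec-keylog
</ServerRADSEC>
"""
SAMPLE_KEYLOG = "\n".join([
    "# constructed records with dummy values",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "SERVER_TRAFFIC_SECRET_0 " + "ab" * 32 + " " + "ef" * 32,
    "not a key log line",
])

if __name__ == "__main__":
    for number, name in find_keylog_directives(SAMPLE_CONFIG):
        print(f"line {number}: key logging enabled -> {name}")
    print("key records found:", count_key_records(SAMPLE_KEYLOG))
```

A non-zero record count means the file holds session secrets and should be treated and disposed of as key material.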