How to debug NFS over TLS with packet captures?

Solution Verified - Updated -

Issue

  • How to debug NFS over TLS with packet captures?
  • The SSLKEYLOGFILE variable does not create a file when using NFS with TLS.
$ man tlshd
...
ENVIRONMENT VARIABLES
  The GnuTLS library provides certain capabilities that can be enabled by
  setting environment variables before tlshd is started. More information
  about these variables is available in GnuTLS library documentation.
      SSLKEYLOGFILE
          When set, this variable specifies the pathname of a file to which
          the GnuTLS library appends negotiated session keys in the NSS Key
          Log format. The NSS Key Log format can be read by Wireshark,
          enabling decryption of recorded sessions.

Environment

  • Red Hat Enterprise Linux 10.0 and later
  • Red Hat Enterprise Linux 9.6 and later
  • NFS over TLS
  • nfs-utils and ktls-utils packages

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content