Using VSXi sslkeylog

Version 10.7.1.x introduced support for SSLKeyLog. SSLKeyLog allows you to log the encryption keys used in TLS connections, making it easier to troubleshoot encrypted traffic. The keys can then be used to decrypt the encrypted data captured in tools like Wireshark. This is especially helpful for inspecting SIP/TLS, REST and WebRTC traffic.

Enable SSLKeyLog in VSXi

There's a required system config flag, part of sip.cfg, to enable it (/sg/sip.cfg: 186,d,1). This is only read after a restart. Please contact Sansay Support for assistance.

Capture Traffic

Start capturing the traffic with tshark or another packet capture tool. An alternative to packet capture is using Sansay RSM.

Once the trace is completed, download the most recent SSL Key log (Trace > Advanced Logging > SSL Key SIP). The text file will look similar to this:


Configure Wireshark

  1.   Open Wireshark and load the capture file.
  2.   Go to "Edit" > "Preferences" > "Protocols" > "SSL."
  3.   In the "SSL" preferences, find the "Pre-Master-Secret log filename" setting.
  4.   Set the value of this setting to the path where you saved the SSLKeyLog file (e.g., /path/to/sslkeys.log).

That's it. Your encrypted traffic will now show in the clear. Where necessary you will need to map custom ports to the protocol of choice.
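If Wireshark still shows the traffic as encrypted after these steps, it helps to confirm that the downloaded key log is well formed before looking elsewhere. The following check is an added example, not Sansay code; it assumes the VSXi file follows the NSS key log format that Wireshark's "Pre-Master-Secret log filename" setting reads, and the sample input is constructed.

```python
import re
from collections import Counter

# Labels from the NSS key log format: CLIENT_RANDOM (TLS 1.2 and earlier)
# and the TLS 1.3 secrets. The legacy "RSA" label is not handled here.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")


def check_keylog(text):
    """Return (Counter of usable lines per label, [(line_no, problem), ...])."""
    counts, problems = Counter(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3:
            problems.append((no, "expected 3 fields"))
            continue
        label, client_random, secret = parts
        if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
            problems.append((no, "unknown label"))
        elif not HEX.fullmatch(client_random) or len(client_random) != 64:
            problems.append((no, "client random is not 32 hex-encoded bytes"))
        elif not HEX.fullmatch(secret) or len(secret) % 2:
            problems.append((no, "secret is not hex-encoded bytes"))
        elif label == "CLIENT_RANDOM" and len(secret) != 96:
            problems.append((no, "master secret is not 48 bytes"))
        else:
            counts[label] += 1
    return counts, problems


# Constructed sample input (placeholder values, not from a real VSXi).
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "01" * 32 + " " + "ef" * 32,
    "CLIENT_RANDOM " + "ab" * 20 + " " + "cd" * 48,   # truncated client random
    "SERVER_TRAFFIC_SECRET_0 " + "01" * 32,           # secret field missing
])

if __name__ == "__main__":
    counts, problems = check_keylog(SAMPLE)
    print(dict(counts), problems)
```

A file with zero usable lines, or only lines whose client random does not appear in any ClientHello in the capture, explains a trace that stays encrypted.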


For customers using DTLS-SRTP for WebRTC or SIP, the DTLS keys can be obtained using sslkeylog in a similar fashion to that described above, but for the media plane.