Is it possible to extract the master key from a TLS session when using the network framework?
libssl 1.1.1 and newer offers a native way using SSL_CTX_set_keylog_callback, does the network framework offer something similar?
The master key is quite useful for debugging TLS connections as it can be fed into programs like Wireshark to decrypt captured messages.
The API that you're looking for here is sec_protocol_metadata_create_secret, which correlates with SSL_export_keying_material in BoringSSL. I have tried this between two BoringSSL-backed connections that use Network Framework and everything did work correctly when using TLS 1.2. When using a BoringSSL-based client and an OpenSSL-based server there have been some known issues getting the master key and that is being tracked in (r. 78510866). If you experience an issue here, please open a bug report.
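
Wireshark reads the TLS 1.2 master key mentioned in the question from a key log file in the NSS key log format, one CLIENT_RANDOM line per session. The following is an added example, not code from this thread or from Network Framework or OpenSSL: it formats such a line from raw bytes and validates a line before it is handed to Wireshark. The function names are hypothetical, the sample bytes are constructed, and TLS 1.3 labels are not covered.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* TLS 1.2 key log line: CLIENT_RANDOM <64 hex client random> <96 hex master secret> */
#define LABEL "CLIENT_RANDOM "
#define RANDOM_LEN 32
#define MASTER_LEN 48
enum keylog_status { KEYLOG_OK, KEYLOG_BAD_LABEL, KEYLOG_BAD_RANDOM, KEYLOG_BAD_SECRET };

/* 1 if s begins with n hex digits; stops at the NUL, so it never reads past it. */
static int hex_run(const char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Validate one line; a trailing LF or CRLF is accepted, anything else is rejected. */
enum keylog_status keylog_check_line(const char *line) {
    if (strncmp(line, LABEL, strlen(LABEL)) != 0) return KEYLOG_BAD_LABEL;
    const char *p = line + strlen(LABEL);
    if (!hex_run(p, 2 * RANDOM_LEN) || p[2 * RANDOM_LEN] != ' ') return KEYLOG_BAD_RANDOM;
    p += 2 * RANDOM_LEN + 1;
    if (!hex_run(p, 2 * MASTER_LEN)) return KEYLOG_BAD_SECRET;
    p += 2 * MASTER_LEN;
    if (*p == '\r') p++;
    if (*p == '\n') p++;
    return *p == '\0' ? KEYLOG_OK : KEYLOG_BAD_SECRET;
}

/* Format a line from raw bytes; returns its length, or -1 if out is too small. */
int keylog_format_line(const unsigned char *client_random, const unsigned char *master_secret,
                       char *out, size_t out_len) {
    if (out_len < strlen(LABEL) + 2 * RANDOM_LEN + 2 * MASTER_LEN + 3) return -1;
    char *p = out + sprintf(out, "%s", LABEL);
    for (int i = 0; i < RANDOM_LEN; i++) p += sprintf(p, "%02x", client_random[i]);
    *p++ = ' ';
    for (int i = 0; i < MASTER_LEN; i++) p += sprintf(p, "%02x", master_secret[i]);
    *p++ = '\n';
    *p = '\0';
    return (int)(p - out);
}

int main(void) {
    /* Constructed all-zero placeholders, not real key material. */
    unsigned char client_random[RANDOM_LEN] = {0}, master_secret[MASTER_LEN] = {0};
    char line[200];
    keylog_format_line(client_random, master_secret, line, sizeof line);
    printf("%sstatus=%d\n", line, keylog_check_line(line));
    return 0;
}
```

A key log file holds session secrets in the clear, so write it only in debug builds and delete it once the capture has been analysed.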