Background

• I want to capture and decrypt TLS packets from curl.exe included with Windows.
• curl in the Linux environment supports the SSLKEYLOGFILE environment variable to export a TLS session key.
• Wireshark can import the TLS session key to decrypt captured TLS packets.

Problem

When I tried to export a TLS session key with the following command, nothing was exported to the specified path.

PS C:\tmp> $env:SSLKEYLOGFILE='C:/tmp/sslkey.log'; curl.exe -s 
TESTFROMCURL
PS C:\tmp> ls C:/tmp/sslkey.log
ls : Cannot find path 'C:\tmp\sslkey.log' because it does not exist.
At line:1 char:1
+ ls C:/tmp/sslkey.log
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\tmp\sslkey.log:String) [Get-ChildItem], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

What I investigated

• curl.exe --version is like this. It says curl.exe is built with Schannel rather than OpenSSL or LibreSSL.

PS C:\tmp> curl.exe --version
curl 8.10.1 (Windows) libcurl/8.10.1 Schannel zlib/1.3 WinIDN
Release-Date: 2024-09-18
Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets

• Everything curl says SSLKEYLOGFILE requires OpenSSL, LibreSSL, BoringSSL, GnuTLS, or wolfSSL. /usingcurl/tls/sslkeylogfile.html#restrictions

Question

Is there any way to decrypt TLS packets from curl.exe that is included with Windows? Is there any alternative to SSLKEYLOGFILE?