diff --git a/tests/tlstest.py b/tests/tlstest.py
index f88f3f26..657de6bd 100755
--- a/tests/tlstest.py
+++ b/tests/tlstest.py
@@ -2917,12 +2917,17 @@ def connect():
         testConnServer(connection)
         connection.close()
     finally:
-        try:
-            os.remove(db_name)
-        except FileNotFoundError:
-            # dbm module may create files with different names depending on
-            # platform
-            os.remove(db_name + ".dat")
+        def quiet_remove(db_name):
+            try:
+                os.remove(db_name)
+            except OSError:
+                pass
+
+        # dbm module may create files with different names depending on
+        # platform
+        candidates = [db_name, db_name + ".dat", db_name + ".db"]
+        for candidate in candidates:
+            quiet_remove(candidate)
 
     test_no += 1
 
diff --git a/tlslite/session.py b/tlslite/session.py
index ede744ed..e137e981 100644
--- a/tlslite/session.py
+++ b/tlslite/session.py
@@ -112,7 +112,9 @@ def create(self, masterSecret, sessionID, cipherSuite,
                sr_app_secret=bytearray(0), exporterMasterSecret=bytearray(0),
                resumptionMasterSecret=bytearray(0), tickets=None,
                tls_1_0_tickets=None, ec_point_format=None,
-               delegated_credential=None):
+               delegated_credential=None,
+               cl_hs_traffic_secret=bytearray(0),
+               sr_hs_traffic_secret=bytearray(0)):
         self.masterSecret = masterSecret
         self.sessionID = sessionID
         self.cipherSuite = cipherSuite
@@ -130,6 +132,8 @@ def create(self, masterSecret, sessionID, cipherSuite,
         self.sr_app_secret = sr_app_secret
         self.exporterMasterSecret = exporterMasterSecret
         self.resumptionMasterSecret = resumptionMasterSecret
+        self.cl_handshake_traffic_secret = cl_hs_traffic_secret
+        self.sr_handshake_traffic_secret = sr_hs_traffic_secret
         # NOTE we need a reference copy not a copy of object here!
         self.tickets = tickets
         self.tls_1_0_tickets = tls_1_0_tickets
diff --git a/tlslite/sslkeylogging.py b/tlslite/sslkeylogging.py
new file mode 100644
index 00000000..b65bd63b
--- /dev/null
+++ b/tlslite/sslkeylogging.py
@@ -0,0 +1,76 @@
+import os
+import sys
+import threading
+from .utils.compat import b2a_hex
+
+
+def posix_lock_write(file_path, lines):
+    import fcntl
+    with open(file_path, 'a') as f:
+        fcntl.flock(f, fcntl.LOCK_EX)
+        try:
+            f.writelines(lines)
+            f.flush()
+        finally:
+            fcntl.flock(f, fcntl.LOCK_UN)
+
+
+def unsafe_write(file_path, lines):
+    with open(file_path, 'a') as f:
+        f.writelines(lines)
+        f.flush()
+
+
+class SSLKeyLogger:
+    """
+    Write session secrets to the file pointed to by the SSLKEYLOGFILE
+    environment variable. Implemented to be thread-safe at the class level and
+    uses OS level file-locking. The file-locking implementation is a function
+    assigned to self.lock_write and determined by the value of sys.platform.
+
+    Currently, POSIX is supported for thread and process safety. If enabled for
+    other systems, safety is not guaranteed.
+
+    :param logfile_override: specify the filepath for logging
+    :type logfile_override: str
+    """
+    _lock = threading.Lock()
+
+    def __init__(self, logfile_override=None):
+        self.ssl_key_logfile = os.environ.get('SSLKEYLOGFILE')
+        if logfile_override:
+            self.ssl_key_logfile = logfile_override
+        self.platform = sys.platform
+        if self.platform in ['darwin', 'linux']:
+            self.lock_write = posix_lock_write
+        else:
+            self.lock_write = unsafe_write
+
+    def log_session_keys(self, keys):
+        """
+        Log session keys to the SSL key log file, if configured.
+
+        Write session keys in the `SSLKEYLOGFILE` format, allowing tools like
+        Wireshark to decrypt captured traffic. Each entry is written as a line
+        with the format: ``<LABEL> <CLIENT_RANDOM> <SECRET>``.
+
+        If neither the `SSLKEYLOGFILE` environment variable nor a
+        `logfile_override` is set, this method is a no-op.
+
+        :param keys: List of (label, client_random, secret) tuples.
+        :type keys: list[tuple[str, bytes, bytes]]
+        """
+        if not self.ssl_key_logfile:
+            return
+
+        lines = [
+            "{0} {1} {2}\n".format(
+                label,
+                b2a_hex(client_random).upper(),
+                b2a_hex(secret).upper()
+            )
+            for label, client_random, secret in keys
+        ]
+
+        with self._lock:
+            self.lock_write(self.ssl_key_logfile, lines)
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 856e10f2..60bffc10 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -43,6 +43,7 @@
 from .utils.cipherfactory import createAESCCM, createAESCCM_8, \
         createAESGCM, createCHACHA20
 from .utils.compression import choose_compression_send_algo
+from .sslkeylogging import SSLKeyLogger
 
 
 class TLSConnection(TLSRecordLayer):
@@ -80,7 +81,7 @@ class TLSConnection(TLSRecordLayer):
         compression wasn't used then it is set to None.
     """
 
-    def __init__(self, sock):
+    def __init__(self, sock, ssl_key_log_file=None):
         """Create a new TLSConnection instance.
 
         :param sock: The socket data will be transmitted on.  The
@@ -88,6 +89,12 @@ def __init__(self, sock):
             non-blocking mode.
 
         :type sock: socket.socket
+
+        :param ssl_key_log_file: override location for logging session secrets.
+            If not provided the filepath pointed to by the SSLKEYLOGFILE env
+            variable will be used.
+
+        :type ssl_key_log_file: str
         """
         TLSRecordLayer.__init__(self, sock)
         self.serverSigAlg = None
@@ -105,6 +112,7 @@ def __init__(self, sock):
         self._pha_supported = False
         self.client_cert_compression_algo = None
         self.server_cert_compression_algo = None
+        self.ssl_key_logger = SSLKeyLogger(ssl_key_log_file)
 
     def keyingMaterialExporter(self, label, length=20):
         """Return keying material as described in RFC 5705
@@ -418,7 +426,6 @@ def _handshakeClientAsync(self, srpParams=(), certParams=(), anonParams=(),
                               session=None, settings=None, checker=None,
                               nextProtos=None, serverName=None, reqTack=True,
                               alpn=None):
-
         handshaker = self._handshakeClientAsyncHelper(srpParams=srpParams,
                 certParams=certParams,
                 anonParams=anonParams,
@@ -431,6 +438,16 @@ def _handshakeClientAsync(self, srpParams=(), certParams=(), anonParams=(),
         for result in self._handshakeWrapperAsync(handshaker, checker):
             yield result
 
+        # Log client random and master secret for version < TLS1.3
+        # in the case of SRP fault, the session instance will be None
+        if self.session is not None:
+            if self.version < (3, 4):
+                self.ssl_key_logger.log_session_keys([(
+                    'CLIENT_RANDOM',
+                    self._clientRandom,
+                    self.session.masterSecret
+                )])
+
 
     def _handshakeClientAsyncHelper(self, srpParams, certParams, anonParams,
                                session, settings, serverName, nextProtos,
@@ -1332,6 +1349,14 @@ def _clientTLS13Handshake(self, settings, session, clientHello,
                                                     self._handshake_hash,
                                                     prfName)
 
+        # TLS1.3 log Client and Server traffic secrets for SSLKEYLOGFILE
+        self.ssl_key_logger.log_session_keys([
+            ('CLIENT_HANDSHAKE_TRAFFIC_SECRET',
+             clientHello.random, cl_handshake_traffic_secret),
+            ('SERVER_HANDSHAKE_TRAFFIC_SECRET',
+             clientHello.random, sr_handshake_traffic_secret)
+        ])
+
         # prepare for reading encrypted messages
         self._recordLayer.calcTLS1_3PendingState(
             serverHello.cipher_suite,
@@ -1660,6 +1685,15 @@ def _clientTLS13Handshake(self, settings, session, clientHello,
                                                bytearray(b'exp master'),
                                                self._handshake_hash, prfName)
 
+
+        # Now that we have all the TLS1.3 secrets during the handshake,
+        # log them if necessary
+        self.ssl_key_logger.log_session_keys([
+            ('EXPORTER_SECRET', clientHello.random, exporter_master_secret),
+            ('CLIENT_TRAFFIC_SECRET_0', clientHello.random, cl_app_traffic),
+            ('SERVER_TRAFFIC_SECRET_0', clientHello.random, sr_app_traffic)
+        ])
+
         self._recordLayer.calcTLS1_3PendingState(
             serverHello.cipher_suite,
             cl_app_traffic,
@@ -1756,7 +1790,9 @@ def _clientTLS13Handshake(self, settings, session, clientHello,
                             resumptionMasterSecret=resumption_master_secret,
                             # NOTE it must be a reference, not a copy!
                             tickets=self.tickets,
-                            delegated_credential=delegated_credential)
+                            delegated_credential=delegated_credential,
+                            cl_hs_traffic_secret=cl_handshake_traffic_secret,
+                            sr_hs_traffic_secret=sr_handshake_traffic_secret)
 
         yield "finished" if not resuming else "resumed_and_finished"
 
@@ -2321,6 +2357,16 @@ def handshakeServerAsync(self, verifierDB=None,
         for result in self._handshakeWrapperAsync(handshaker, checker):
             yield result
 
+        # Log client random and master secret for version < TLS1.3
+        # in the case of SRP fault, the session instance will be None
+        if self.session is not None:
+            if self.version < (3, 4):
+                self.ssl_key_logger.log_session_keys([(
+                    'CLIENT_RANDOM',
+                    self._clientRandom,
+                    self.session.masterSecret
+                )])
+
 
     def _handshakeServerAsyncHelper(self, verifierDB,
                                     cert_chain, privateKey, reqCert,
@@ -3048,6 +3094,15 @@ def _serverTLS13Handshake(self, settings, clientHello, cipherSuite,
                                                     bytearray(b'c hs traffic'),
                                                     self._handshake_hash,
                                                     prf_name)
+
+        # TLS1.3 log Client and Server traffic secrets for SSLKEYLOGFILE
+        self.ssl_key_logger.log_session_keys([
+            ('CLIENT_HANDSHAKE_TRAFFIC_SECRET',
+             clientHello.random, cl_handshake_traffic_secret),
+            ('SERVER_HANDSHAKE_TRAFFIC_SECRET',
+             clientHello.random, sr_handshake_traffic_secret)
+        ])
+
         self.version = version
         self._recordLayer.calcTLS1_3PendingState(
             cipherSuite,
@@ -3328,6 +3383,19 @@ def _serverTLS13Handshake(self, settings, clientHello, cipherSuite,
                                                self._handshake_hash,
                                                prf_name)
 
+
+        # Now that we have all the TLS1.3 secrets during the handshake,
+        # log them if necessary
+        self.ssl_key_logger.log_session_keys([
+            ('EXPORTER_SECRET',
+             clientHello.random, exporter_master_secret),
+            ('CLIENT_TRAFFIC_SECRET_0',
+             clientHello.random, cl_app_traffic),
+            ('SERVER_TRAFFIC_SECRET_0',
+             clientHello.random, sr_app_traffic)
+        ])
+
+
         # verify Finished of client
         cl_finished_key = HKDF_expand_label(cl_handshake_traffic_secret,
                                             b"finished", b'',
diff --git a/unit_tests/test_tlslite_ssl_key_log_file.py b/unit_tests/test_tlslite_ssl_key_log_file.py
new file mode 100644
index 00000000..74da1f40
--- /dev/null
+++ b/unit_tests/test_tlslite_ssl_key_log_file.py
@@ -0,0 +1,263 @@
+try:
+    import unittest2 as unittest
+except ImportError:
+    import unittest
+
+import os
+import socket
+from threading import Thread
+import tempfile
+import unittest
+
+from tlslite.sslkeylogging import SSLKeyLogger
+from tlslite.utils.compat import b2a_hex
+
+
+class TestSslKeyLogFile(unittest.TestCase):
+    def __init__(self, *args, **kwargs):
+        super(TestSslKeyLogFile, self).__init__(*args, **kwargs)
+
+    def setUp(self):
+        self.temp_log_file = tempfile.NamedTemporaryFile(delete=False)
+        if self._testMethodName != "test_logfile_override":
+            os.environ['SSLKEYLOGFILE'] = self.temp_log_file.name
+
+    def tearDown(self):
+        os.remove(self.temp_log_file.name)
+        if os.environ.get('SSLKEYLOGFILE'):
+            del os.environ['SSLKEYLOGFILE']
+
+    def test_pre_13(self):
+        logger_count = 3
+
+        loggers = []
+        for i in range(logger_count):
+            loggers.append(SSLKeyLogger())
+
+        threads = []
+        expected_labels = []
+        for i in range(logger_count):
+            client_random = os.urandom(32)
+            master_secret = os.urandom(48)
+            labels = [("CLIENT_RANDOM", client_random, master_secret)]
+            expected_labels.extend(labels)
+            logger = loggers[i]
+            threads.append(
+                Thread(target=logger.log_session_keys, args=(labels,))
+            )
+
+        for thread in threads:
+            thread.start()
+
+        for thread in threads:
+            thread.join(10)
+
+        self.validate_log_file(expected_labels)
+
+    def test_13(self):
+        logger_count = 3
+
+        loggers = []
+        for i in range(logger_count):
+            loggers.append(SSLKeyLogger())
+
+        threads = []
+        expected_labels = []
+        for i in range(logger_count):
+            client_random = os.urandom(32)
+            labels = [
+                (
+                    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "EXPORTER_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "SERVER_TRAFFIC_SECRET_0",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "CLIENT_TRAFFIC_SECRET_0",
+                    client_random,
+                    os.urandom(32)
+                )
+            ]
+            expected_labels.extend(labels)
+            logger = loggers[i]
+            threads.append(
+                Thread(target=logger.log_session_keys, args=(labels,))
+            )
+
+        for thread in threads:
+            thread.start()
+
+        for thread in threads:
+            thread.join(10)
+
+        self.validate_log_file(expected_labels)
+
+    def test_logfile_override(self):
+        logger_count = 3
+
+        loggers = []
+        for i in range(logger_count):
+            loggers.append(
+                SSLKeyLogger(logfile_override=self.temp_log_file.name)
+            )
+
+        threads = []
+        expected_labels = []
+        for i in range(logger_count):
+            client_random = os.urandom(32)
+            labels = [
+                (
+                    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "EXPORTER_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "SERVER_TRAFFIC_SECRET_0",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
+                    client_random,
+                    os.urandom(32)
+                ),
+                (
+                    "CLIENT_TRAFFIC_SECRET_0",
+                    client_random,
+                    os.urandom(32)
+                )
+            ]
+            expected_labels.extend(labels)
+            logger = loggers[i]
+            threads.append(
+                Thread(target=logger.log_session_keys, args=(labels,))
+            )
+
+        for thread in threads:
+            thread.start()
+
+        for thread in threads:
+            thread.join(10)
+
+        self.validate_log_file(expected_labels)
+
+
+    def load_cert_chain(self):
+        from tlslite import X509, X509CertChain, parsePEMKey
+        cert_file_path = os.path.join(os.path.dirname(__file__),
+                                      '../tests/serverRSANonCACert.pem')
+        x509 = X509()
+        with open(cert_file_path) as cert:
+            x509.parse(cert.read())
+
+        certChain = X509CertChain([x509])
+        key_file_path = os.path.join(os.path.dirname(__file__),
+                                      '../tests/serverRSANonCAKey.pem')
+
+        with open(key_file_path) as key:
+            privateKey = parsePEMKey(key.read(), private=True)
+
+        return certChain, privateKey
+
+    def new_server_connection(self, sock):
+        from tlslite import TLSConnection
+        tls_connection = TLSConnection(sock)
+        certChain, privateKey = self.load_cert_chain()
+        tls_connection.handshakeServer(
+            certChain=certChain, privateKey=privateKey
+        )
+
+    def new_client_connection(self, sock, ver=(3, 4)):
+        from tlslite import TLSConnection, HandshakeSettings
+        tls_connection = TLSConnection(sock)
+        settings = HandshakeSettings()
+        settings.maxVersion = ver
+        tls_connection.handshakeClientCert(settings=settings)
+        return tls_connection
+
+    def connect_socket_pair(self, ver):
+        client_sock, server_sock = socket.socketpair()
+        server_thread = Thread(
+            target=self.new_server_connection,
+            args=(server_sock,)
+        )
+        server_thread.start()
+        tls_connection = self.new_client_connection(client_sock, ver)
+
+        server_thread.join(10)
+
+        if ver == (3, 4):
+            shts = tls_connection.session.sr_handshake_traffic_secret
+            chts = tls_connection.session.cl_handshake_traffic_secret
+            es = tls_connection.session.exporterMasterSecret
+            cas = tls_connection.session.cl_app_secret
+            sas = tls_connection.session.sr_app_secret
+            tls_connection.close()
+            client_sock.close()
+            server_sock.close()
+            return tls_connection._clientRandom, shts, chts, es, cas, sas
+        elif ver < (3, 4):
+            cr = tls_connection._clientRandom
+            ms = tls_connection.session.masterSecret
+            tls_connection.close()
+            client_sock.close()
+            server_sock.close()
+            return cr, ms
+
+    def test_socket_pair_12(self):
+        ver = (3, 3)
+        cr, ms = self.connect_socket_pair(ver)
+        expected_labels = [
+            ("CLIENT_RANDOM", cr, ms)
+        ]
+        self.validate_log_file(expected_labels)
+
+    def test_socket_pair_13(self):
+        ver = (3, 4)
+        cr, shts, chts, es, cas, sas = self.connect_socket_pair(ver)
+        expected_labels = [
+            ("SERVER_HANDSHAKE_TRAFFIC_SECRET", cr, shts),
+            ("EXPORTER_SECRET", cr, es),
+            ("SERVER_TRAFFIC_SECRET_0", cr, sas),
+            ("CLIENT_HANDSHAKE_TRAFFIC_SECRET", cr, chts),
+            ("CLIENT_TRAFFIC_SECRET_0", cr, cas)
+        ]
+        self.validate_log_file(expected_labels)
+
+    def validate_log_file(self, all_labels):
+        # Validates lines in SSLKEYLOGFILE for both TLS 1.2 and TLS 1.3
+        with open(self.temp_log_file.name, 'r') as log_file:
+            lines = [log_line.strip() for log_line in log_file.readlines()]
+            for label_name, client_random, secret in all_labels:
+                expected_label = "{0} {1} {2}".format(
+                    label_name,
+                    b2a_hex(client_random).upper(),
+                    b2a_hex(secret).upper()
+                )
+                self.assertTrue(
+                    expected_label in lines,
+                    "Didn't find expected: {0}".format(expected_label)
+                )
+
+
+if __name__ == "__main__":
+    unittest.main()