diff --git a/interop/server/main.go b/interop/server/main.go
index a4f77ca15..9b099f19c 100644
--- a/interop/server/main.go
+++ b/interop/server/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"fmt"
 	"log"
 	"net"
@@ -13,6 +14,8 @@ import (
 	"github.com/lucas-clemente/quic-go/interop/http09"
 )
 
+var tlsConf *tls.Config
+
 func main() {
 	logFile, err := os.Create("/logs/log.txt")
 	if err != nil {
@@ -22,12 +25,21 @@ func main() {
 	defer logFile.Close()
 	log.SetOutput(logFile)
 
+	keyLog, err := os.Create("/logs/keylogfile.txt")
+	if err != nil {
+		fmt.Printf("Could not create key log file: %s\n", err.Error())
+		os.Exit(1)
+	}
+	defer keyLog.Close()
+
 	testcase := os.Getenv("TESTCASE")
 
 	// a quic.Config that doesn't do a Retry
 	quicConf := &quic.Config{
 		AcceptToken: func(_ net.Addr, _ *quic.Token) bool { return true },
 	}
+	tlsConf = testdata.GetTLSConfig()
+	tlsConf.KeyLogWriter = keyLog
 
 	switch testcase {
 	case "versionnegotiation", "handshake", "transfer", "resumption":
@@ -53,7 +65,7 @@ func runHTTP09Server(quicConf *quic.Config) error {
 	server := http09.Server{
 		Server: &http.Server{
 			Addr:      "0.0.0.0:443",
-			TLSConfig: testdata.GetTLSConfig(),
+			TLSConfig: tlsConf,
 		},
 		QuicConfig: quicConf,
 	}
@@ -65,7 +77,7 @@ func runHTTP3Server(quicConf *quic.Config) error {
 	server := http3.Server{
 		Server: &http.Server{
 			Addr:      "0.0.0.0:443",
-			TLSConfig: testdata.GetTLSConfig(),
+			TLSConfig: tlsConf,
 		},
 		QuicConfig: quicConf,
 	}