httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Debugging a reverse proxy using TLS
Date Tue, 01 Sep 2020 15:18:01 GMT
On Tue, Sep 1, 2020 at 10:58 AM Tom Browder <tom.browder@gmail.com> wrote:
>
> Is there any way with the Apache logs to see (and capture) the raw data being received
on the backside of a reverse proxy using TLS?

I assume https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html will have it.
>
> If so, is there any way to unenccode the data offline with OpenSSL if one has the public
and private keys?

There are wireshark recipes for this, but IIUC w/ ECDHE you also need
to export the ephemeral key (or something that isn't just in the cert)
which browsers sometimes support with SSLKEYLOGFILE.
I think httpd only does this in trunk  -- search under the same
keyword SSLKEYLOGFILE

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message