Debugging a reverse proxy using TLS


Debugging a reverse proxy using TLS

Tom Browder
Is there any way with the Apache logs to see (and capture) the raw data being received on the backside of a reverse proxy using TLS?

If so, is there any way to unencode the data offline with OpenSSL if one has the public and private keys?

Thanks so much.

Best regards,

-Tom



Re: Debugging a reverse proxy using TLS

Eric Covener
On Tue, Sep 1, 2020 at 10:58 AM Tom Browder <[hidden email]> wrote:
>
> Is there any way with the Apache logs to see (and capture) the raw data being received on the backside of a reverse proxy using TLS?

I assume https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html will have it.
>
> If so, is there any way to unencode the data offline with OpenSSL if one has the public and private keys?

There are Wireshark recipes for this, but IIUC w/ ECDHE you also need
to export the ephemeral key (or something that isn't just in the cert)
which browsers sometimes support with SSLKEYLOGFILE.
I think httpd only does this in trunk -- search under the same
keyword SSLKEYLOGFILE
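
The reply above notes that with ECDHE the certificate's private key is not enough and the per-session secrets have to come from an SSLKEYLOGFILE. As an added example (not part of the thread and not httpd code), this Python checks whether a key log holds the secrets for a given handshake before the file is handed to Wireshark. The line layout (label, client random, secret) follows the NSS key log format, which the thread does not spell out; the function names and all sample values are constructed for illustration.

```python
import re

# Labels from the NSS key log format (an assumption; the thread only names SSLKEYLOGFILE).
# TLS 1.2 needs CLIENT_RANDOM; TLS 1.3 application data needs both traffic secrets.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_APP_LABELS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: {label: secret_hex}}, [numbers of rejected lines])."""
    sessions, bad = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or (m.group(1) == TLS12_LABEL and len(m.group(3)) != 96):
            bad.append(lineno)  # malformed, or master secret is not 48 bytes
            continue
        label, rnd, secret = m.groups()
        sessions.setdefault(rnd.lower(), {})[label] = secret.lower()
    return sessions, bad


def decryptable(sessions, client_random):
    """Say whether the log can decrypt the handshake with this ClientHello random."""
    labels = sessions.get(client_random.lower(), {})
    if TLS12_LABEL in labels:
        return "tls1.2"
    if TLS13_APP_LABELS.issubset(labels):
        return "tls1.3"
    return "incomplete" if labels else "missing"


# Constructed sample values, not real key material.
R1, R2, R3 = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join([
    f"CLIENT_RANDOM {R1} {'11' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {R2} {'33' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R2} {'44' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R3} {'55' * 32}",
    "CLIENT_RANDOM truncated-line",
])

if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    print({r[:4]: decryptable(sessions, r) for r in (R1, R2, R3)}, "malformed:", bad)
```

A result of "missing" or "incomplete" for the client random seen in the capture means the key log was not written by the endpoint that handled that connection, or was started after the handshake.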



Re: Debugging a reverse proxy using TLS

Tom Browder
On Tue, Sep 1, 2020 at 10:18 Eric Covener <[hidden email]> wrote:
> On Tue, Sep 1, 2020 at 10:58 AM Tom Browder <[hidden email]> wrote:
> > Is there any way with the Apache logs to see (and capture) the raw data being received on the backside of a reverse proxy using TLS?
>
> I assume https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html will have it.
> ...

Thanks, Eric. That is very helpful. 

I wasn't aware of that module. And I'll have to look into using Wireshark.

Best regards,

-Tom

P.S. I wish the old O'Reilly Apache books (especially the Cookbook) could be updated.