On Mon, Oct 12, 2020 at 10:33:26AM +0200, [email protected] wrote:
> Hi All,
>
> Because of troubleshooting I would like to decrypt the TLS connection on
> the backend towards our partner.
> I found I can do it with the setting of environment variable
> SSLKEYLOGFILE and Wireshark.
> I set "tune.ssl.keylog on" but I do not understand the description below
> this parameter.
>
> Please could someone provide me some example how to configure HAPROXY to
> save data to SSLKEYLOGFILE
>
> Regards,
> Peter Micunek

Hello,

HAProxy is not able to write to a file once started, so the "tune.ssl.keylog" option allows you to log each parameter of this file. You will need to configure a log-format with the sample fetches described in the documentation:

https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#tune.ssl.keylog

And then compose an SSLKEYLOGFILE from your logs that you will open with Wireshark.

-- 
William Lallemand
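
One way to do the last step described above, as an added example that is not part of the original message or of HAProxy itself: a script that composes NSS key log lines (the format Wireshark reads) from log lines. The `key=value` log layout and the field names `client_random` and `master_secret` are assumptions about how the log-format was written, and the sample lines are constructed.

```python
import re

# NSS key log labels read by Wireshark, keyed by the (assumed) log field name.
FIELD_TO_LABEL = {"master_secret": "CLIENT_RANDOM"}  # TLS 1.2 and earlier
FIELD_TO_LABEL.update({name: name for name in (  # TLS 1.3 secrets
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET")})
FIELD = re.compile(r"\b(\w+)=(\S+)")
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")


def keylog_lines(log_lines):
    """Return de-duplicated '<LABEL> <client_random> <secret>' lines."""
    out, seen = [], set()
    for line in log_lines:
        fields = dict(FIELD.findall(line))
        rnd = fields.get("client_random", "-")
        # The client random is 32 bytes: exactly 64 hex digits.
        if len(rnd) != 64 or not HEX.fullmatch(rnd):
            continue
        for field, label in FIELD_TO_LABEL.items():
            secret = fields.get(field, "-")
            # Unset values appear as "-" here; keep only whole hex bytes.
            if not HEX.fullmatch(secret):
                continue
            entry = f"{label} {rnd.lower()} {secret.lower()}"
            if entry not in seen:
                seen.add(entry)
                out.append(entry)
    return out


# Constructed sample log lines (made-up values, not real key material).
RND12, RND13 = "a1" * 32, "b2" * 32
SAMPLE = [
    f"haproxy[101]: keylog client_random={RND12} master_secret={'0c' * 48}",
    f"haproxy[101]: keylog client_random={RND13} master_secret=- "
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET={'3d' * 32} "
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET={'4e' * 32}",
    "haproxy[101]: keylog client_random=- master_secret=-",  # no TLS keys
    f"haproxy[101]: keylog client_random={RND12} master_secret={'0c' * 48}",
]

if __name__ == "__main__":
    print("\n".join(keylog_lines(SAMPLE)))
```

The logs and the resulting file contain session secrets that decrypt the captured traffic, so restrict access to both and turn key logging off once troubleshooting is done.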

