[
https://issues.apache.org/jira/browse/TS-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14559290#comment-14559290
]
David Carlin commented on TS-3534:
----------------------------------
I've found it very valuable. In order to trace SSL in wireshark I need to:
1) Disable PFS, remove DHE ciphers
2) Disable SSL Session ID Cache and Tickets so I can capture the full handshake.
3) Copy private key off server to use with Wireshark, or use tshark on the
remote host
4) Restart ATS
With Eric's patch i can enable/disable SSL wire tracing it whenever I want. I
like that I don't have to restart ATS - doing so may clear the condition I'm
trying to capture.
> Wiretracing for SSL connections
> -------------------------------
>
> Key: TS-3534
> URL: https://issues.apache.org/jira/browse/TS-3534
> Project: Traffic Server
> Issue Type: New Feature
> Components: Logging, Tools
> Reporter: Eric Schwartz
> Assignee: Eric Schwartz
> Fix For: sometime
>
>
> Opening a ticket for discussion of the wiretracing change I made on our
> internal version of ATS.
> The change allows for tracing requests through ATS for: a small percentage of
> traffic, traffic from a certain IP and/or traffic to a specific origin. These
> settings can be combined.
> The main updates are to SSLNetVConnection and UnixNetVConnection (adding the
> trace logic) and to the Logging APIs (to add the special trace logs). One
> change is made to HttpSM to allow client and server traces to be associated
> with one another.
> [~dcarlin] has some notes from the summit on the initial discussion.
> I'll add a pull request with actual code for people to look at shortly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
