mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-15 10:11:03 +00:00
65674662b4
This adds 4 sample fetches: - ssl_fc_client_random - ssl_fc_server_random - ssl_bc_client_random - ssl_bc_server_random These fetches retrieve the client or server random value sent during the handshake. Their use is to be able to decrypt traffic sent using ephemeral ciphers. Tools like wireshark expect a TLS log file with lines in a few known formats (https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209). Previously the only format supported using data retrievable from HAProxy state was the one utilizing the Session-ID. However an SSL/TLS session ID is optional, and thus cannot be relied upon for this purpose. This change introduces the ability to extract the client random instead which can be used for one of the other formats. The change also adds the ability to extract the server random, just in case it might have some other use, as the code change to support this was trivial. |
||
|---|---|---|
| .. | ||
| design-thoughts | ||
| internals | ||
| lua-api | ||
| 51Degrees-device-detection.txt | ||
| acl.fig | ||
| architecture.txt | ||
| close-options.txt | ||
| coding-style.txt | ||
| configuration.txt | ||
| cookie-options.txt | ||
| DeviceAtlas-device-detection.txt | ||
| gpl.txt | ||
| haproxy.1 | ||
| intro.txt | ||
| lgpl.txt | ||
| linux-syn-cookies.txt | ||
| lua.txt | ||
| management.txt | ||
| netscaler-client-ip-insertion-protocol.txt | ||
| network-namespaces.txt | ||
| peers-v2.0.txt | ||
| peers.txt | ||
| proxy-protocol.txt | ||
| queuing.fig | ||
| regression-testing.txt | ||
| SOCKS4.protocol.txt | ||
| SPOE.txt | ||
| WURFL-device-detection.txt | ||