I tried the most naïve approach, but it doesn't output anything as I make curl requests

    sudo ssldump \
      -k /usr/local/lib/node_modules/serve-https/node_modules/localhost.daplie.com-certificates/certs/server/my-server.key.pem

So I thought maybe I *must* supply an interface

    sudo ssldump \
      -k /usr/local/lib/node_modules/serve-https/node_modules/localhost.daplie.com-certificates/certs/server/my-server.key.pem \
      -i lo \
      > dump.0.tls.bin

Turns out that was correct.

To limit verbosity I just captured one full request where it succeeded and then another when it didn't

    # this is the one that worked as expected
    pastebinit dump.1.tls.bin
    http://paste.ubuntu.com/11811750/

    # this is the one that went to default anyway
    pastebinit dump.2.tls.bin
    http://paste.ubuntu.com/11811751/

Both were produced by

    curl --insecure https://baz.example.com:64443

I was expecting that the -k option would require just my server's key and that it would be able to decrypt data to plaintext, however, I see that it didn't decrypt, so perhaps I need to convert the keyfile to another format or bundle the certificate with the keys?

Let me know if this is the format you expected. If not, please tell me what options I should be passing or what I might be doing wrong.

AJ ONeal
(317) 426-6525

On Thu, Jul 2, 2015 at 12:37 PM, Lukas Tribus <luky...@hotmail.com> wrote:

> > sudo haproxy -db -f /etc/haproxy/haproxy.cfg
>
> Backend IPs are 0.0.0.0. That's probably not what you want.
> Should be 127.0.0.1 if I understand correctly.
>
> > I've edited /etc/hosts so that baz.example.com
> > points to 127.0.0.1
> >
> > I've created a few bogus servers
> >
> > npm install -g serve-https
> > serve-https -p 1443 -c 'Default on 1443' &
> > serve-https -p 2443 -c 'bar on 2443' &
> > serve-https -p 3443 -c 'baz on 3443' &
> >
> > And then I test, but I get random results. It only follows the SNI
> > rules sometimes
> >
> > curl --insecure https://baz.example.com:64443
> > baz
> >
> > curl --insecure https://baz.example.com:64443
> > Default on 1443
>
> Can you post "ssldump" captures of this traffic (working and
> non working)?
>
> Regards,
> Lukas