Unless wireshark has access to the private key (and PFC isn't enabled), you're best bet would be to log the data from nginx directly, rather than trying to examine the raw bytes on the wire.
> On Apr 21, 2017, at 08:10, Joel Parker <joel.parker...@gmail.com> wrote: > > I currently have a config that allows me to terminate TLSv1.2 and decrypt it. > Then it re-encrypts the packets with a different cert before sending to the > upstream servers. I want to "look" at the decrypted packets before they are > encrypted but I am not sure the best way to accomplish this. > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
