Opened 11 months ago
Closed 11 months ago
#2498 closed task (invalid)
Question:Capture keys on nginx-quic to decrypt QUIC pcap
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | trivial | Milestone: | |
| Component: | http/3 | Version: | 1.19.x |
| Keywords: | Cc: | ||
| uname -a: |
root@ubuntu:/src/nginx-quic# uname -v
#66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 |
||
| nginx -V: |
root@ubuntu:/src/nginx-quic# nginx -V nginx version: nginx/1.23.4 (nginx-quic) built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --build=nginx-quic --with-debug --with-http_v3_module --with-cc-opt=-I/src/boringssl/include --with-ld-opt='-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto' root@ubuntu:/src/nginx-quic# |
||
Description
I know this is the wrong place to raise a ticket here for this question but i dont have any other option.
I wrote a mail to nginx@…,nginx-devel@… and asked in comment on Disqus nginx article and in nginx slack also but i didnt see any reply there.
Hope someone answers this query
Question:-
I need to capture the pcap file on my linux machine which is using nginx quic to connect and decrypt those packets using ssl key log file but i am unable to find how to capture ssl key log file on nginx-quic.
Could someone please help me to capture the ssl key log file ?
root@ubuntu:/src/nginx-quic# uname -v
#66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023
root@ubuntu:/src/nginx-quic# nginx -V
nginx version: nginx/1.23.4 (nginx-quic)
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --build=nginx-quic --with-debug --with-http_v3_module --with-cc-opt=-I/src/boringssl/include --with-ld-opt='-L/src/boringssl/build/ssl -L/src/boringssl/build/crypto'
root@ubuntu:/src/nginx-quic#
Sorry for this question here,
Please let me know if you need any further info from my side.
nginx does not provide a way to capture SSL keys, consider using those from the client.