mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-04-01 17:11:04 +02:00
c8bfd06b57
Add keylog_format_fc and keylog_format_bc global variables containing the SSLKEYLOGFILE log-format strings for the frontend (client-facing) and backend (server-facing) TLS connections respectively. These produce output compatible with the SSLKEYLOGFILE format described at: https://tlswg.org/sslkeylogfile/draft-ietf-tls-keylogfile.html Both formats are also exported as environment variables at startup: HAPROXY_KEYLOG_FC_LOG_FMT HAPROXY_KEYLOG_BC_LOG_FMT These variables contains \n so they might not be compatible with syslog servers, using them with stderr or a sink might be required. These can be referenced directly in "log-format" directives to produce SSLKEYLOGFILE-compatible output, usable by network analyzers such as Wireshark to decrypt captured TLS traffic.