Config advice / wireshark

Robert Paprocki rpaprocki at
Fri Apr 21 15:21:26 UTC 2017

Unless wireshark has access to the private key (and PFC isn't enabled), you're best bet would be to log the data from nginx directly, rather than trying to examine the raw bytes on the wire. 

> On Apr 21, 2017, at 08:10, Joel Parker < at> wrote:
> I currently have a config that allows me to terminate TLSv1.2 and decrypt it. Then it re-encrypts the packets with a different cert before sending to the upstream servers. I want to "look" at the decrypted packets before they are encrypted but I am not sure the best way to accomplish this.
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list