This feature is called Decrypted SSL packets (SSLPLAIN). On earlier versions of NetScaler 11.0 you can decrypt the trace on the fly there is no need for private keys. For detailed steps refer to the Additional Resources section of this article. In NetScaler software release 10.5 and later, to decrypt the capture, ensure that ECC (Elliptic Curve Cryptography) and DH Param are disabled/removed from the virtual server before the trace is captured. If we are troubleshooting Load balancing vserver or Content switching vserver related setup then it should be disabled at the VIP as well as the Service/Service Group level as well. In order to properly decrypt the trace, SSL Session Reuse must be disabled at vserver level (If it is a gateway vserver related troubleshooting) to ensure that we see a full SSL handshake in the nstrace captured.
0 Comments
Leave a Reply. |