Ask HN: How do you intercept server-side HTTPS traffic for debugging? - gtirloni
======
zelon88
If you have a firewall appliance it probably has "TLS Inspection" (sometimes
incorrectly referred to as "SSL Inspection"). You could set up pfSense [1]
locally on the server to accomplish the same goals.

Note that this is universally agreed upon to be a bad idea. [2] [3] [4] [5]

[1] [https://www.pfsense.org/](https://www.pfsense.org/)
[2] [https://www.schneier.com/blog/archives/2019/11/the_nsa_warns...](https://www.schneier.com/blog/archives/2019/11/the_nsa_warns_o.html)
[3] [https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MAN...](https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF)
[4] [https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-i...](https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html)
[5] [https://www.us-cert.gov/ncas/alerts/TA17-075A](https://www.us-cert.gov/ncas/alerts/TA17-075A)

------
echeese
I attach a debugger to the server

