Open gattimassimo opened 4 years ago
Tagging subscribers to this area: @dotnet/ncl Notify danmosemsft if you want to be subscribed.
You are really talking about SslStream and possibly Negotiate, right? If on Windows you may get what you want using schannel tracing.
.NET is currently providing only cipher-text logging when enabling this network diagnostics feature: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/how-to-configure-network-tracing
This is unfortunately not providing clear-text logging, hence it is not useful at all for troubleshooting and pushes the user to use Fiddler/Wireshark to get better logging.
In test environments Wireshark/Fiddler is welcome, but when it comes to production servers, these tools cannot be used.
Other options are: "netsh trace start" + Message Analyzer; however, it won't decrypt the payload unless you have the cert and the cert password, so it is not an option in case you are a client connecting to a server which you don't own.
https://support.citrix.com/article/CTX214599
https://docs.microsoft.com/en-us/message-analyzer/decrypting-tls-and-ssl-encrypted-data#decrypting-trace-data
At this stage, the only option is to have each application implement some sort of logging to log plain-text payloads on demand, which will be expensive and means writing the same logic everywhere, when the infra is already sort of available and explained here: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/how-to-configure-network-tracing and it just needs to be extended for plain-text logging.
This would really make the difference in day-to-day production troubleshooting of many components.
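The per-application workaround the issue describes (logging the plain-text payload on demand, above the TLS layer) can be done with a small Stream decorator placed around SslStream rather than around the socket: SslStream encrypts on Write and decrypts on Read, so whatever crosses its API boundary is clear text. The code below is an added example written for this page, not code from the issue author or from the dotnet project; the environment variable name NET_PLAINTEXT_TRACE, the host name and the request are constructed placeholders.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Decorator that hex-dumps every buffer read from or written to the wrapped
// stream. Wrap the SslStream (not the NetworkStream) to see decrypted data.
public sealed class PlaintextLoggingStream : Stream
{
    private readonly Stream _inner;
    private readonly TextWriter _log;
    private readonly Func<bool> _enabled; // on-demand toggle, checked on every call

    public PlaintextLoggingStream(Stream inner, TextWriter log, Func<bool> enabled)
    {
        _inner = inner;
        _log = log;
        _enabled = enabled;
    }

    // Classic 16-bytes-per-line dump: offset, hex bytes, printable ASCII.
    private void Dump(string direction, byte[] buffer, int offset, int length)
    {
        if (length <= 0 || !_enabled()) return;
        var sb = new StringBuilder();
        sb.Append(DateTime.UtcNow.ToString("o")).Append(' ').Append(direction)
          .Append(' ').Append(length).Append(" bytes").AppendLine();
        for (int i = 0; i < length; i += 16)
        {
            int n = Math.Min(16, length - i);
            sb.Append(i.ToString("X8")).Append("  ");
            for (int j = 0; j < 16; j++)
                sb.Append(j < n ? buffer[offset + i + j].ToString("X2") + " " : "   ");
            sb.Append(' ');
            for (int j = 0; j < n; j++)
            {
                byte b = buffer[offset + i + j];
                sb.Append(b >= 0x20 && b < 0x7F ? (char)b : '.');
            }
            sb.AppendLine();
        }
        lock (_log) _log.Write(sb.ToString());
    }

    public override int Read(byte[] buffer, int offset, int count)
    {
        int n = _inner.Read(buffer, offset, count);
        Dump("RECV", buffer, offset, n);
        return n;
    }

    public override async Task<int> ReadAsync(byte[] buffer, int offset, int count, CancellationToken ct)
    {
        int n = await _inner.ReadAsync(buffer, offset, count, ct).ConfigureAwait(false);
        Dump("RECV", buffer, offset, n);
        return n;
    }

    public override void Write(byte[] buffer, int offset, int count)
    {
        Dump("SEND", buffer, offset, count);
        _inner.Write(buffer, offset, count);
    }

    public override async Task WriteAsync(byte[] buffer, int offset, int count, CancellationToken ct)
    {
        Dump("SEND", buffer, offset, count);
        await _inner.WriteAsync(buffer, offset, count, ct).ConfigureAwait(false);
    }

    public override void Flush() => _inner.Flush();
    public override Task FlushAsync(CancellationToken ct) => _inner.FlushAsync(ct);
    public override bool CanRead => _inner.CanRead;
    public override bool CanSeek => false;
    public override bool CanWrite => _inner.CanWrite;
    public override long Length => throw new NotSupportedException();
    public override long Position { get => throw new NotSupportedException(); set => throw new NotSupportedException(); }
    public override long Seek(long offset, SeekOrigin origin) => throw new NotSupportedException();
    public override void SetLength(long value) => throw new NotSupportedException();
    protected override void Dispose(bool disposing) { if (disposing) _inner.Dispose(); base.Dispose(disposing); }
}

public static class Demo
{
    public static async Task Main()
    {
        // Placeholder host; the toggle reads a hypothetical environment variable
        // so tracing can be switched on in production without a redeploy.
        using var tcp = new TcpClient();
        await tcp.ConnectAsync("example.com", 443);
        using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
        await ssl.AuthenticateAsClientAsync("example.com");
        using Stream s = new PlaintextLoggingStream(ssl, Console.Error,
            () => Environment.GetEnvironmentVariable("NET_PLAINTEXT_TRACE") == "1");

        byte[] req = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n");
        await s.WriteAsync(req, 0, req.Length);
        var buf = new byte[4096];
        while (await s.ReadAsync(buf, 0, buf.Length) > 0) { }
    }
}
```

The toggle is evaluated per call, so the dump can be enabled for a short window while a problem is reproduced and disabled again without restarting the process; the decorator only sees application data, never TLS handshake or record bytes, which is exactly the layer the issue asks the built-in tracing to expose.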