Troubleshooting PFS - BIG-IP Feature Request?
Hello all!
Ever since I heard of PFS I started dreading the day I would need to troubleshoot a PFS flow.
I read some interesting suggestions of how to deal with it. One could do SSL bridging, where the client side has PFS enabled and the server side would not have PFS disabled, so you could tcpdump the internal traffic.
Another solution involves third-party hardware and a lot of prep, which is not feasible if you're a little shop IMHO.
But my question is: since BIG-IP is sitting right in the middle of the traffic (on flows it's terminating SSL/TLS and not proxying it), wouldn't it be "easy" to dump the traffic in clear text?
This "feature" would be so handy, and since BIG-IP is full-proxy it makes sense to me it could do that...
Any thoughts?
Cheers! Rafael