TLS Connections
For HTTPS traffic, powhttp captures detailed information about the TLS handshake and connection establishment. This includes cipher suites, protocol versions, certificates and other security-related details. The TLS endpoint provides access to the complete sequence of events that occurred during the TLS handshake for a specific connection.
Get TLS Connection Details
Retrieves detailed event information for a TLS connection. Each event represents a step in the TLS handshake process, providing insight into how the secure connection was established.
GET /tls/{connection_id}Path Parameters:
connection_id: The ULID of the TLS connection, which can be found in thetls.connectionIdfield of an entry
Response:
Returns an array of TLS events detailing the handshake process. The structure and available fields depend on the specific events that occurred during the connection. Events may include information about:
client_helloandserver_hellomessages with supported cipher suites and extensions- Certificate exchange and validation
- Key exchange and session establishment
- Protocol version negotiation
- ALPN (Application-Layer Protocol Negotiation) results
Example Request:
GET /tls/01K88WZ6D6BK0256Z61GH9XX5VFinding Connection IDs
TLS connection IDs are available in entry objects returned from the entries endpoints. Look for the tls.connectionId field in an entry response. If this field is null, the entry does not use TLS or the connection information is not available.
{
"id": "01K88WZ6TMNGMRB5JVZSHPSETA",
"url": "https://example.powhttp.com/post",
"tls": {
"connectionId": "01K88WZ6D6BK0256Z61GH9XX5V", <- here
...
},
...
}Connection Reuse
Multiple entries may share the same TLS connection ID when connection reuse occurs. This is common in HTTP/1.1 with keep-alive and HTTP/2 where multiple requests share a single connection. By examining the TLS connection details once, you can understand the security properties of all entries that used that connection.