Testing in case of TLS 1.3 with AES-GCM
At work, I'm used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to auto-testing business processing logic of certain software repeatedly.
This is what I know to be a classic bottom-up method in software testing methodologies. But such practice turns out hard when TLS protocol is enrolled and even so for TLS v1.3, which is well-known for its forward secrecy feature.
I believe this frustrates most of us testing engineers, for that no alternative based on sniffing-and-capturing apparatus yet to be disclosed in case of TLS v1.3 based client and server software. Am I right?
I'd like to hear from the community if this makes sense.
