TLS adoption in today’s environments is growing rapidly and poses challenges for tracing tools that intercept microservices’ RPC messages. Normal traffic sniffing collects the encrypted data and has no means to access the original payload. This inhibits traditional tracing tools and complicates debugging systems when critical issues arise.

To address this, eBPF tools probe user space to regain access to the plaintext data. While these approaches are exciting, scaling this type of instrumentation presents a new set of difficulties due to the variety of library choices, possible versions of each library and type of linking.

We present the techniques developed to reliably trace TLS applications across a wide array of conditions found in real-life applications. This allows Pixie to trace both BoringSSL and OpenSSL and reduces the maintenance for supporting new library versions compared to the previous tracing. We conclude by noting the coverage challenges that remain and our future plans