Re: Decrypting SSL packets with openSSL

Fri, 07 Nov 2003 11:02:29 -0800 

No, ssldump definitely works.

One weakness (in my humble opinion) of static RSA is that if the server's
private key is compromised, an eavesdropper can read all traffic from past,
current, or future SSL sessions protected with that key.  (In other words,
"ssldump works".)

SSL/TLS allows negotiation of a combination of RSA encryption and "Diffie-
Hellman key agreement" to protect a session.  While this is more
computationally expensive, I believe it provides better security because
knowing the server's RSA private key is no longer enough to recover the
plaintext traffic.  (A broad oversimplification:  in D-H key agreement, each
side picks a random value [the "Diffie-Hellman private key"], generates
a public key from that value. and sends the public key to the peer.  By
combining the peer's public key with the private key, each side derives the
same result.  It's called "key agreement" instead of "key exchange" because
the key is never actually sent over the network.  By contrast, sending the
encrypted pre-master secret is an example of "key exchange.")

Even if ssldump has the server's private key, if the negotiation includes a
Diffie-Hellman agreement, ssldump (or any other eavesdropper) won't be able
to decrypt the session.

                    - Ken

On Fri, Nov 07, 2003 at 11:52:42AM +1300, Jason Haar wrote:
> On Thu, Nov 06, 2003 at 09:21:38AM +0100, Lutz Jaenicke wrote:
> > Hmm. ssldump (http://www.rtfm.com/ssldump) does have the ability to
> > perform this task. Maybe you can get some hint by "studying" its
> > implementation :-)
> 
> I don't think it really works - I certainly never got it to work.
> 
> It actually says:
> 
> "ssldump can decrypt traffic between two hosts if the following two
> conditions are met:
>                          
> 1. ssldump has the keys.
> 2. Static RSA was used."
> 
> I don't know what "Static RSA" is - but I guess my Apache servers don't have
> it :-<
>                                        
> -- 
> Cheers
> 
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to