>
> > From: Charles B Cranston
> >
> > MacDermid, Kenny wrote:
> > > I'm looking to locally reverse engineer a network protocol
> > > that's encrypted using ssl.
> >
> > Another method would be to use a man-in-the-middle attack on
> > a third machine, but that machine would need access to the
> > private key of the certificate to be used. Somewhere around
> > I have a generic man-in-the-middle Unix program that I wrote
> > to try to debug some early IMAP problems on the Handspring
> > Visor, but it doesn't have any SSL.
>
> I don't actually have access to the server, or the private key
> it is using. Also I'm guessing the client is smart enough to
> check the server certificate, so I'm guessing a generic
> man-in-the-middle is out.
If you can't compromise either the client or the server in some way, you
cannot decrypt the data. That's the whole point of SSL. You will have to get
the data out of the client application directly.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
