Hi I'm considering writing an application that can passively sniff SSL/TLS traffic, as part of an assignment at university. I'm aware of SSLDUMP, but still want to go my own path.
I've written a client/server implementation of openssl, and know that alot of functions are coded for that purpose, but I wonder if there are basic functions that can use the handshake/protocol setup information that it sees on the network, between a client and server, and then use that information to sniff the connection. (Of course, the implementation would have access to the servers private key.) What are the limitations of openssl with regards to this, and is it relatively easy to implement (compared to a standard client/server implementation)? I'm looking forward for some feedback.. Thanks Göran -- ------------------------------------------------------- Göran Sandahl - <[EMAIL PROTECTED]> - GPG Fingerprint: 58CB C304 92A7 FCF6 349D 9C49 D279 38F2 C06C D351 Personal homepage : http://gsandahl.net ------------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
