> Dave, All
>
> I would also like to be able to recreate a "session" by
> recording (i.e. with TCPDump -w) and playing the data back
> through the proxy? If I understand the remarks below that might
> not be possible?
>
> Thanks
> Ed
It may or may not be possible, depending on many factors. At a minimum, you need the key used by the server. Some algorithms SSL might use, and applications on top of SSL might use, make it impossible for a non-participant to decrypt the data, even if they have all previously-created keys.

For example, consider (grossly simplified):

1) Server creates a temporary RSA public/private key pair.
2) Server signs public key from the temporary RSA key with its normal permanent RSA private key.
3) Server sends temporary public key, signature, and real CA certificate to client.
4) Client verifies signature and certificate, decrypts public temporary RSA key.
5) Client sends something encrypted with the public temporary RSA key.
6) Server decrypts it with the temporary RSA private key.

Now, analyzing this later, you would need the temporary RSA key created in step 1 to decrypt the data sent to the client. If that data was part of the symmetric key used to protect the session, you are (by design) screwed.

Again, what is your outer problem? If it's legitimate, there's probably a way to do it. But there is, by intentional design, no generic way to do this.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
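The six-step exchange in DS's reply, modelled as an added example (not code from the original thread or from OpenSSL): a toy textbook-RSA handshake in which the server signs a temporary key with its long-term key, the client encrypts the session secret to that temporary key, and the temporary private key is then discarded. It also shows, by contrast, a plain RSA key exchange encrypted to the long-term key. The primes, the secret and the helper names are constructed for the illustration; the key sizes are far too small for anything but a demonstration.

```python
# Toy model of the ephemeral-RSA handshake (steps 1-6 above) versus a static
# RSA key exchange, and of what a later analyst can recover from a capture
# plus the server's long-term key. Textbook RSA, constructed toy primes only.
import hashlib

LONG_TERM_PRIMES = (1000000007, 1000000009)   # server's permanent key (toy)
EPHEMERAL_PRIMES = (998244353, 999999937)     # one temporary key, step 1 (toy)

def make_keypair(p, q, e=65537):
    """Textbook RSA: returns ((n, e), (n, d)). pow(e, -1, m) needs Python >= 3.8."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_apply(key, m):
    """Raw RSA: encrypt/verify with the public key, decrypt/sign with the private."""
    n, exp = key
    return pow(m, exp, n)

def digest(obj):
    """Hash to a 32-bit int so it is below every toy modulus."""
    return int.from_bytes(hashlib.sha256(repr(obj).encode()).digest()[:4], "big")

def run_ephemeral_session(lt_pub, lt_priv, secret):
    """Steps 1-6 with a temporary key. Returns (wire capture, secret server got)."""
    tmp_pub, tmp_priv = make_keypair(*EPHEMERAL_PRIMES)      # 1) temporary pair
    sig = rsa_apply(lt_priv, digest(tmp_pub))                # 2) sign it
    capture = {"tmp_pub": tmp_pub, "sig": sig}               # 3) what tcpdump sees
    if rsa_apply(lt_pub, sig) != digest(tmp_pub):            # 4) client verifies
        raise ValueError("temporary key not signed by the server's long-term key")
    capture["ct"] = rsa_apply(tmp_pub, secret)               # 5) client encrypts
    server_secret = rsa_apply(tmp_priv, capture["ct"])       # 6) server decrypts
    del tmp_priv                          # temporary private key is never retained
    return capture, server_secret

def run_static_session(lt_pub, secret):
    """Contrast: plain RSA key exchange, secret encrypted to the long-term key."""
    return {"ct": rsa_apply(lt_pub, secret)}

def offline_decrypt(capture, lt_priv):
    """Analyst with the capture and the long-term private key (no temporary key)."""
    return rsa_apply(lt_priv, capture["ct"])

def demo(secret=0x5EC12E7):
    """Returns which recorded sessions the long-term key can decrypt later."""
    lt_pub, lt_priv = make_keypair(*LONG_TERM_PRIMES)
    eph_cap, got = run_ephemeral_session(lt_pub, lt_priv, secret)
    static_cap = run_static_session(lt_pub, secret)
    return {"ephemeral_ok": got == secret,                                    # True
            "static_recovered": offline_decrypt(static_cap, lt_priv) == secret,   # True
            "ephemeral_recovered": offline_decrypt(eph_cap, lt_priv) == secret}   # False
```

Only the static exchange is recoverable from a recording, which is exactly why the reply says a replay through the proxy cannot work "by design" once a temporary key protected the session secret.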