prashanth s joshi: > Hi I have got a query to make here. So if I know the private > key(permanant) of the server is it possible to decrypt the SSL traffic?
You cut the answer to this exact question. It may or may not be possible, depending on many factors. The permanent server key is just one of the things you might need. This question cannot be answered without knowing the outer problem. Some people carefully arrange things so that their SSL sessions are still secure even if their host keys are compromised later. In general, no, you cannot decrypt a stored SSL session. However, if you have a specific outer problem, there may be a good way to get the job done. For example, here are two very different question: 1) I run a web server. I want to archive secure SSL sessions securely. Can I do it? 2) I run an ISP. I want to log my customer's SSL sessions invisibly so I can review them later for abuse purposes. Can I do it? 3) I run a company. I want to set up an SSL logging proxy, it can be invasive and it's okay if it requires special setup on every machine. How can I do it? See how these are all very different questions? There is no generic answer except "maybe". DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
