On Mon, Nov 10, 2003 at 11:23:16AM +1300, Jason Haar wrote:
> On Fri, 2003-11-07 at 21:45, Lutz Jaenicke wrote:
> > When you are using s_client, you will most likely negotiate an EDH cipher
> > that cannot be decrypted with ssldump. Use
> > openssl -s_client -ciphers RC4-MD5 ...
> > to generate "
On Fri, 2003-11-07 at 21:45, Lutz Jaenicke wrote:
> When you are using s_client, you will most likely negotiate an EDH cipher
> that cannot be decrypted with ssldump. Use
> openssl -s_client -ciphers RC4-MD5 ...
> to generate "decryptable" sessions...
Ah - thank you - that makes total sense (and
No, ssldump definitely works.
One weakness (in my humble opinion) of static RSA is that if the server's
private key is compromised, an eavesdropper can read all traffic from past,
current, or future SSL sessions protected with that key. (In other words,
"ssldump works".)
SSL/TLS allows negotiati
On Fri, Nov 07, 2003 at 03:39:09PM +1300, Jason Haar wrote:
> On Fri, 2003-11-07 at 14:26, Rich Salz wrote:
> > > I don't think it really works - I certainly never got it to work.
> >
> > Most likely because you don't have the keys.
> >
>
> Bzzt - sorry - I'm not that stupid today ;-)
>
> If I
On Fri, 2003-11-07 at 14:26, Rich Salz wrote:
> > I don't think it really works - I certainly never got it to work.
>
> Most likely because you don't have the keys.
>
Bzzt - sorry - I'm not that stupid today ;-)
If I do "ssldump -Ad -i eth0 -k server-cert.pem host me and port 443",
where server
> I don't think it really works - I certainly never got it to work.
Most likely because you don't have the keys.
> 1. ssldump has the keys.
This means that ssldump must have the *private keys* of the server and, if
they're used, of the client as well. In other words you are setting
ssldump deli
Jason Haar <[EMAIL PROTECTED]> writes:
> I don't know what "Static RSA" is - but I guess my Apache servers don't have
> it :-<
Static RSA is when the SSL ClientKeyExchange message (containing the
pre_master_secret) is encrypted with the RSA public key found in the server
certificate.
Do you have
On Thu, Nov 06, 2003 at 09:21:38AM +0100, Lutz Jaenicke wrote:
> Hmm. ssldump (http://www.rtfm.com/ssldump) does have the ability to
> perform this task. Maybe you can get some hint by "studying" its
> implementation :-)
I don't think it really works - I certainly never got it to work.
It actuall