On Sunday, 27 Jan 2002, Scott Renfro wrote: > On Sun, Jan 27, 2002 at 08:53:03PM -0600, David Frascone wrote: > > > > 1) Since I have access to all the key files, can I somehow watch the > > stream, or does SSL generate the keys used for traffic on the fly, > > and > > only use the .pem file keys for identity? > > The Ethereal ssl dissector doesn't support this, but Eric Rescorla's > ssldump utility does. http://www.rtfm.com/ssldump/
That's an awesome little toy. I've just gotten premission from the author to integrate it's functionality into Ethereal. Now let's see if I can ever find the time to do it :) > Yes, SSLv3 and TLSv1 have NULL cipher suites. They're disabled by > default, but you can enable their use in many implementations. In > Netscape or Mozilla, see the Edit Ciphers preferences dialog. In > openssl, use -cipher NULL with s_client and/or s_server. Sweet! I got null ciphers working perfectly! Thanks a bunch!
