---------- Forwarded message ----------
From: Eric Rescorla <[EMAIL PROTECTED]>
Subject: [fw-wiz] ANNOUNCE: ssldump-0.9a2
Resent-Subject: ANNOUNCE: ssldump-0.9a2
Date: Fri, 20 Oct 2000 09:32:48 -0700
Resent-Date: Fri, 20 Oct 2000 21:46:51 -0400 (EDT)
Resent-From: spiff <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Resent-To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
tct-users <[EMAIL PROTECTED]>

ANNOUNCE: ssldump: an SSL protocol analyzer
Version 0.9a2
http://www.rtfm.com/ssldump/

RTFM, Inc. is pleased to announce the availability of ssldump 0.9a2.

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
linked with OpenSSL and provided with the appropriate keying material,
it will also decrypt the connections and display the application data
traffic.

ssldump is completely passive and thus allows you to analyze systems
without interfering with them. You can also use it to read stored
traffic collected with tcpdump.

This release is version 0.9a2. The code quality is considered to be
late-Alpha. It's been extensively tested internally but hasn't had
much external testing. We expect to collect feedback and release
a Beta-quality release by December. In particular, ssldump has only
been tested on FreeBSD, though it uses autoconf and should be quite
portable to most Unix-based systems.

Here's a sample of ssldump output in quiet mode:

New TCP connection #1: iromeo.rtfm.com(2539) <-> sr1.rtfm.com(4433)
1 1 0.0828 (0.0828) C>S SSLv2 compatible client hello
1 2 1.0378 (0.9549) S>C Handshake ServerHello
1 3 1.5707 (0.5329) S>C Handshake Certificate
1 4 2.0859 (0.5152) S>C Handshake ServerHelloDone
1 5 2.1256 (0.0396) C>S Handshake ClientKeyExchange
1 6 2.1256 (0.0000) C>S ChangeCipherSpec
1 7 2.1256 (0.0000) C>S Handshake
1 8 7.7635 (5.6378) S>C ChangeCipherSpec
1 9 9.3182 (1.5547) S>C Handshake
1 18.1578 (8.8395) C>S TCP FIN
1 19.2500 (1.0922) S>C TCP FIN

And a message decoded in verbose mode:

1 2 1.0378 (0.9549) S>CV3.0(74) Handshake
ServerHello
Version 3.0
random[32]=
39 e7 7b be 44 ce 48 94 d8 00 de 98
54 42 43 0d 28 72 87 2d b0 95 5c d6
2a c8 24 f2 d4 b2 88 21
session_id[32]=
47 26 45 c9 ee 4f 66 56 88 c8 92 53
0d 84 2b eb 36 ac 44 ee c0 05 c8 dc
6c ed db 8e 1f bc ff fa
cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL

ssldump also provides a variety of flags for controlling the output
at a finer level of granularity.

ssldump is released under a BSD-style license and is available
from
http://www.rtfm.com/ssldump

-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
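
The quiet-mode listing quoted in the announcement is regular enough to post-process, for example to see where a handshake stalls. The Python below is an added example, not part of the original message or of ssldump; the line layout is inferred only from the sample shown above, and `parse_quiet`, `slowest` and `Record` are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

# Constructed input: the quiet-mode lines quoted in the announcement.
SAMPLE = """\
New TCP connection #1: iromeo.rtfm.com(2539) <-> sr1.rtfm.com(4433)
1 1 0.0828 (0.0828) C>S SSLv2 compatible client hello
1 2 1.0378 (0.9549) S>C Handshake ServerHello
1 3 1.5707 (0.5329) S>C Handshake Certificate
1 4 2.0859 (0.5152) S>C Handshake ServerHelloDone
1 5 2.1256 (0.0396) C>S Handshake ClientKeyExchange
1 6 2.1256 (0.0000) C>S ChangeCipherSpec
1 7 2.1256 (0.0000) C>S Handshake
1 8 7.7635 (5.6378) S>C ChangeCipherSpec
1 9 9.3182 (1.5547) S>C Handshake
1 18.1578 (8.8395) C>S TCP FIN
1 19.2500 (1.0922) S>C TCP FIN
"""

class Record(NamedTuple):
    conn: int            # connection number from the "New TCP connection" line
    seq: Optional[int]   # record number; None for TCP events such as FIN
    time: float          # first time column
    delta: float         # second time column, in parentheses
    direction: str       # "C>S" or "S>C"
    desc: str            # record type and any handshake message name

# Layouts assumed from the sample only, not from ssldump's source.
CONN_RE = re.compile(r"New TCP connection #(\d+): (\S+)\((\d+)\) <-> (\S+)\((\d+)\)$")
REC_RE = re.compile(r"(\d+)\s+(?:(\d+)\s+)?(\d+\.\d+)\s+\((\d+\.\d+)\)\s+([CS]>[CS])\s+(.+)$")

def parse_quiet(text):
    """Return ({conn: ((client, port), (server, port))}, [Record, ...])."""
    conns, records = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := CONN_RE.match(line):
            conns[int(m[1])] = ((m[2], int(m[3])), (m[4], int(m[5])))
        elif m := REC_RE.match(line):
            seq = int(m[2]) if m[2] else None
            records.append(Record(int(m[1]), seq, float(m[3]), float(m[4]), m[5], m[6]))
    return conns, records

def slowest(records, n=2):
    """The n records with the largest parenthesised time value."""
    return sorted(records, key=lambda r: r.delta, reverse=True)[:n]

if __name__ == "__main__":
    conns, recs = parse_quiet(SAMPLE)
    for r in slowest(recs):
        print(f"{r.delta:8.4f}s before {r.direction} {r.desc}")
```

The FIN lines carry no record number, so the second column is optional in the pattern and `seq` is `None` for them.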