Gisle Vanem wrote:
>
> Is anyone aware of a tcpdump extension parser for the SSL protocol?
>
> The debugging available in OpenSSL is IMHO not well suited in
> debugging the handshake and CONNECT transactions. I would
> be nice to trace this in real-time using tcpdump.
>
There is a program called SSLtap which is distributed with various
Netscape software and is part of their (currently US only) PKCS#11
utilities.
The source was released with the Netscape PKI stuff but none of that
compiles yet.
This doesn't quite do what you want but it can be used to debug SSL data
up to a point.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
