Hi Larry, Thanks for your quick reply. I looked at CyaSSL's documentation and I see it is posible to compile your libraries with a flag which dumps the negotiated keys. While this is a possible approach when you are debugging an application built with yaSSL, it is not possible in a general case (i.e. I want to debug a Firefox session, which uses a different library). This is why I am thinking about implementing a standalone proxy server, instead of a debugging trap inside OpenSSL/yaSSL libraries. Maybe I am missing something that is not in the documentation?
For captured packet analysis, I recommend you to look at Wireshark's code, which is quite clean and understandable: http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id -- Jordi Giménez
