> I don't think it really works - I certainly never got it to work.

Most likely because you don't have the keys.

> 1. ssldump has the keys.

This means that ssldump must have the *private keys* of the server and, if they're used, of the client as well. In other words you are setting ssldump deliberately to be a man in the middle. For debugging purposes.

> 2. Static RSA was used."
> I don't know what "Static RSA" is - but I guess my Apache servers don't have
> it :-<

Unless you did your own Apache/OpenSSL integration, your servers have it. In the old days of US export control, there was a scheme where the server would only have a small RSA key, but it would generate a temporary-use key every 24 hours or so. Nowadays only legacy deployments are about this.

/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
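
Whether a captured session meets the "static RSA" condition discussed above can be read from the server's handshake flight: the ServerHello names the cipher suite, and a ServerKeyExchange message means a temporary key was sent. The following is an added example, not part of the original message or of ssldump; it assumes TLS 1.2-or-earlier framing and an already reassembled server flight, and `key_only_decryptable`, `sample_flight` and the sample bytes are constructed for illustration.

```python
import struct

SERVER_HELLO, SERVER_KEY_EXCHANGE = 2, 12  # TLS handshake message types

SUITES = {  # a few IANA cipher-suite IDs, enough for the constructed samples
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def handshake_messages(stream: bytes):
    """Yield (type, body) for each handshake message in a run of TLS records."""
    payload, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            raise ValueError("truncated record")
        if ctype == 0x16:  # handshake content; a message may span records
            payload += stream[pos + 5 : pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(payload):
        mlen = int.from_bytes(payload[pos + 1 : pos + 4], "big")
        yield payload[pos], payload[pos + 4 : pos + 4 + mlen]
        pos += 4 + mlen

def key_only_decryptable(server_flight: bytes):
    """Return (suite name, verdict); verdict is None for suites not in SUITES."""
    suite, temp_key = None, False
    for mtype, body in handshake_messages(server_flight):
        if mtype == SERVER_HELLO:
            sid_len = body[34]  # follows 2-byte version and 32-byte random
            (suite,) = struct.unpack_from("!H", body, 35 + sid_len)
        elif mtype == SERVER_KEY_EXCHANGE:
            temp_key = True  # temporary RSA key or (EC)DH parameters were sent
    if suite is None:
        raise ValueError("no ServerHello found")
    if suite not in SUITES:
        return f"0x{suite:04X}", None
    return SUITES[suite], SUITES[suite].startswith("TLS_RSA_") and not temp_key

def sample_flight(suite: int, with_ske: bool) -> bytes:
    """Constructed sample: ServerHello plus an optional dummy ServerKeyExchange."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    msgs = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    if with_ske:
        msgs += bytes([SERVER_KEY_EXCHANGE]) + (4).to_bytes(3, "big") + bytes(4)
    return b"\x16\x03\x01" + struct.pack("!H", len(msgs)) + msgs
```

A `True` verdict means the session key was wrapped to the certificate key, so a tool holding that private key can recover it; `False` means a temporary key was involved and the certificate key alone is not enough.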