Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Does OpenSSL support passive decryption?

2 views
Skip to first unread message

Ivan Ristic

unread,
Jul 30, 2009, 4:48:33 AM7/30/09
to
I am investigating whether it is possible to use OpenSSL to passively
decrypt an SSL conversation (with access to a server's private RSA
key, of course).

Does OpenSSL provide any support for this mode of operation?

If there isn't explicit support, I am guessing some of the
functionality could be reused (e.g. protocol parsing). I'd appreciate
some guidance from someone in the know.

Thanks.

--
Ivan Ristic
Test your SSL server @ SSL Labs
https://www.ssllabs.com/ssldb/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Kukosa, Tomas

unread,
Jul 30, 2009, 6:25:55 AM7/30/09
to
Hi Ivan,

the functionality similar to your request is contained in the Wireshark.
See http://wiki.wireshark.org/SSL

It can decrypt SSL/TLS conversation using server's private RSA key.

The code is not based on OpenSSL but on GnuTLS+libgcrypt.

Best regards,
Tomas

=20

> -----Original Message-----
> From: owner-ope...@openssl.org=20
> [mailto:owner-ope...@openssl.org] On Behalf Of Ivan Ristic
> Sent: Thursday, July 30, 2009 10:42 AM
> To: openss...@openssl.org
> Subject: Does OpenSSL support passive decryption?
>=20
> I am investigating whether it is possible to use OpenSSL to passively
> decrypt an SSL conversation (with access to a server's private RSA
> key, of course).

>=20


> Does OpenSSL provide any support for this mode of operation?

>=20


> If there isn't explicit support, I am guessing some of the
> functionality could be reused (e.g. protocol parsing). I'd appreciate
> some guidance from someone in the know.

>=20
> Thanks.
>=20
> --=20


> Ivan Ristic
> Test your SSL server @ SSL Labs
> https://www.ssllabs.com/ssldb/
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org

>=20

Peter Sylvester

unread,
Jul 30, 2009, 6:25:55 AM7/30/09
to
see http://www.rtfm.com/ssldump/

Ivan Ristic wrote:
> I am investigating whether it is possible to use OpenSSL to passively
> decrypt an SSL conversation (with access to a server's private RSA
> key, of course).
>

> Does OpenSSL provide any support for this mode of operation?
>

> If there isn't explicit support, I am guessing some of the
> functionality could be reused (e.g. protocol parsing). I'd appreciate
> some guidance from someone in the know.
>

> Thanks.

0 new messages