Does OpenSSL provide any support for this mode of operation?
If there isn't explicit support, I am guessing some of the
functionality could be reused (e.g. protocol parsing). I'd appreciate
some guidance from someone in the know.
Thanks.
--
Ivan Ristic
Test your SSL server @ SSL Labs
https://www.ssllabs.com/ssldb/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
the functionality similar to your request is contained in the Wireshark.
See http://wiki.wireshark.org/SSL
It can decrypt SSL/TLS conversation using server's private RSA key.
The code is not based on OpenSSL but on GnuTLS+libgcrypt.
Best regards,
Tomas
=20
> -----Original Message-----
> From: owner-ope...@openssl.org=20
> [mailto:owner-ope...@openssl.org] On Behalf Of Ivan Ristic
> Sent: Thursday, July 30, 2009 10:42 AM
> To: openss...@openssl.org
> Subject: Does OpenSSL support passive decryption?
>=20
> I am investigating whether it is possible to use OpenSSL to passively
> decrypt an SSL conversation (with access to a server's private RSA
> key, of course).
>=20
> Does OpenSSL provide any support for this mode of operation?
>=20
> If there isn't explicit support, I am guessing some of the
> functionality could be reused (e.g. protocol parsing). I'd appreciate
> some guidance from someone in the know.
>=20
> Thanks.
>=20
> --=20
> Ivan Ristic
> Test your SSL server @ SSL Labs
> https://www.ssllabs.com/ssldb/
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
>=20
Ivan Ristic wrote:
> I am investigating whether it is possible to use OpenSSL to passively
> decrypt an SSL conversation (with access to a server's private RSA
> key, of course).
>
> Does OpenSSL provide any support for this mode of operation?
>
> If there isn't explicit support, I am guessing some of the
> functionality could be reused (e.g. protocol parsing). I'd appreciate
> some guidance from someone in the know.
>
> Thanks.