Re: snort ssl plug-in

["Jason Haar" <Jason.Haar () trimble co nz>]

Derya Sezen said:
> I wanna collect the private keys in my local trusted area & see the
> crypted traffic, ( i have the public keys of the both side) i think it
> is possible logically, no? Is there any Snort plug-in for that?!

Probably not doable. There was a discussion of this on the OpenSSL list a
couple of months ago. Just having the full cert (pub+priv) in question
doesn't necessarily mean you can build a sniffer that can decrypt SSL
traffic. If static (RSA) keys are used, then yes, you can decrypt, but
nothing I know of defaults to those SSL algorithms anymore.
See http://ssldump.sourceforge.net/TROUBLESHOOTING for a good explanation
of why decrypting SSL traffic via a network sniffer isn't easy.
Jason




-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users