> I'm developing an OpenSSL-based SSL sniffer that monitors decrypted
> SSL traffic using the webserver's private keys on real site traffic
> (similar to ssldump). For some reason, part of the SSL traffic is
> not being decrypted.
>
> I'm looking for possible reasons for this. The ones I am currently
> aware of are:

What about ephemeral keys? I thought the nature of perfect forward security - that you can't decrypt the traffic, even if the private key is subsequently exposed - means that all dump utilities will also be able to decrypt the traffic.

That said, I don't think this is the case here. If the server is using ephemeral keys, you probably wouldn't be able to decrypt anything. Unless you're seeing a weird artifact due to weak browsers, e.g., if most browsers can only use RSA keys (which aren't going to use ephemeral keys), but some fully support TLS and will preferentially use DSA and ephemeral keys.

Bear

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
