ANNOUNCE: ssldump: an SSL protocol analyzer
Version 0.9b1
http://www.rtfm.com/ssldump/

RTFM, Inc. is pleased to announce the availability of ssldump 0.9b1.

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If linked with OpenSSL and provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

ssldump is completely passive and thus allows you to analyze systems without interfering with them. You can also use it to read stored traffic collected with tcpdump.

This release is version 0.9b1. The code quality is considered to be early Beta. It's been extensively tested internally and I've collected and integrated the first round of feedback.

ssldump has now been tested on FreeBSD, Solaris, HP/UX, and Linux. It uses autoconf and should be portable to most Unix-based systems.

CHANGES
Since 0.9a2, the following things have changed:

    Ported to Linux, Solaris, and HP/UX.
    Added decoding of printable characters when printing hex data.
    Man page cleanups
    Assorted other printing cleanups

SAMPLE OUTPUT
Here's a sample of ssldump output in quiet mode:

    New TCP connection #1: iromeo.rtfm.com(2539) <-> sr1.rtfm.com(4433)
    1 1  0.0828 (0.0828)  C>S SSLv2 compatible client hello
    1 2  1.0378 (0.9549)  S>C  Handshake      ServerHello
    1 3  1.5707 (0.5329)  S>C  Handshake      Certificate
    1 4  2.0859 (0.5152)  S>C  Handshake      ServerHelloDone
    1 5  2.1256 (0.0396)  C>S  Handshake      ClientKeyExchange
    1 6  2.1256 (0.0000)  C>S  ChangeCipherSpec
    1 7  2.1256 (0.0000)  C>S  Handshake
    1 8  7.7635 (5.6378)  S>C  ChangeCipherSpec
    1 9  9.3182 (1.5547)  S>C  Handshake
    1    18.1578 (8.8395)  C>S  TCP FIN
    1    19.2500 (1.0922)  S>C  TCP FIN

And a message decoded in verbose mode:

    1 2  1.0378 (0.9549)  S>CV3.0(74)  Handshake
          ServerHello
            Version 3.0
            random[32]=
              39 e7 7b be 44 ce 48 94 d8 00 de 98 54 42 43 0d
              28 72 87 2d b0 95 5c d6 2a c8 24 f2 d4 b2 88 21
            session_id[32]=
              47 26 45 c9 ee 4f 66 56 88 c8 92 53 0d 84 2b eb
              36 ac 44 ee c0 05 c8 dc 6c ed db 8e 1f bc ff fa
            cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
            compressionMethod   NULL

ssldump also provides a variety of flags for controlling the output at a finer level of granularity.

ssldump is released under a BSD-style license and is available from http://www.rtfm.com/ssldump

-Ekr
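
A small parser for the quiet-mode output shown above, as an added example that is not part of the original announcement or of ssldump itself. It groups records by connection and reports whether the client opened with an SSLv2-compatible hello, whether both sides sent ChangeCipherSpec, and which numbered record followed the longest gap. The function names are assumptions, the line layout is inferred from the sample, and SAMPLE is the announcement's own sample connection.

```python
import re

# Quiet-mode lines copied from the announcement's sample output.
SAMPLE = """\
New TCP connection #1: iromeo.rtfm.com(2539) <-> sr1.rtfm.com(4433)
1 1  0.0828 (0.0828)  C>S SSLv2 compatible client hello
1 2  1.0378 (0.9549)  S>C  Handshake      ServerHello
1 3  1.5707 (0.5329)  S>C  Handshake      Certificate
1 4  2.0859 (0.5152)  S>C  Handshake      ServerHelloDone
1 5  2.1256 (0.0396)  C>S  Handshake      ClientKeyExchange
1 6  2.1256 (0.0000)  C>S  ChangeCipherSpec
1 7  2.1256 (0.0000)  C>S  Handshake
1 8  7.7635 (5.6378)  S>C  ChangeCipherSpec
1 9  9.3182 (1.5547)  S>C  Handshake
1    18.1578 (8.8395)  C>S  TCP FIN
1    19.2500 (1.0922)  S>C  TCP FIN
"""

CONN = re.compile(r"New TCP connection #(\d+): (\S+)\((\d+)\) <-> (\S+)\((\d+)\)")
# connection number, optional record number, time, (delta), direction, description
REC = re.compile(r"(\d+)\s+(?:(\d+)\s+)?(\d+\.\d+)\s+\((\d+\.\d+)\)\s+([CS]>[CS])\s*(.*)")

def parse_quiet(text):
    """Group quiet-mode records by connection number (hypothetical helper)."""
    conns = {}
    for line in map(str.strip, text.splitlines()):
        if m := CONN.match(line):
            conns[int(m[1])] = {"client": f"{m[2]}:{m[3]}",
                                "server": f"{m[4]}:{m[5]}", "records": []}
        elif m := REC.match(line):
            conn = conns.setdefault(int(m[1]), {"records": []})
            conn["records"].append({
                "n": int(m[2]) if m[2] else None,  # TCP events have no record number
                "time": float(m[3]), "delta": float(m[4]),
                "dir": m[5], "what": " ".join(m[6].split())})
    return conns

def summarize(conn):
    """Report the first things a reviewer would check for one connection."""
    numbered = [r for r in conn["records"] if r["n"] is not None]
    ccs = {r["dir"] for r in numbered if r["what"] == "ChangeCipherSpec"}
    return {
        "sslv2_compatible_hello": any(r["what"].startswith("SSLv2") for r in numbered),
        "handshake_complete": ccs == {"C>S", "S>C"},
        "slowest_record": max(numbered, key=lambda r: r["delta"], default=None),
    }

if __name__ == "__main__":
    print({n: summarize(c) for n, c in parse_quiet(SAMPLE).items()})
```
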