收到
2007/6/18, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
Hello,
is there a way to ascertain that the data I am BIO-putting to an HTTPS
server
are actually encrypted, apart from watching the data flows from my openssl
application to the server, using tcpdump?
Thanks.
Phiroc
_
I am not sure but you can have some traces based on the return value
of the SSL calls. But if we think about the layered model, there can't
be any other way to know what u have written is actually encrypted or
not at layers below the SSL unless using some sniffers. At SSL layer,
you need to have e
> Hello,
>
> is there a way to ascertain that the data I am BIO-putting to an
> HTTPS server
> are actually encrypted, apart from watching the data flows from my openssl
> application to the server, using tcpdump?
>
> Thanks.
My classic answer to this question is "what is your threat model". Or,
On Mon, Jun 18, 2007 at 01:44:52PM -0700, David Schwartz wrote:
>
> > Hello,
> >
> > is there a way to ascertain that the data I am BIO-putting to an
> > HTTPS server
> > are actually encrypted, apart from watching the data flows from my openssl
> > application to the server, using tcpdump?
> >
