Re: libpcap working with openSSL sockets

2012-10-31 Thread Dr. Stephen Henson
On Wed, Oct 31, 2012, Dave Thompson wrote: > > I meant to make that any _nonstatic_ [EC]DH (i.e. "ephemeral" with > authentication, or "anonymous" without). OpenSSL doesn't implement > static DH at all, and I've never seen anyone use static ECDH. > Actually OpenSSL does now implement static D

RE: libpcap working with openSSL sockets

2012-10-31 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of (me) > Sent: Wednesday, 31 October, 2012 18:22 > An "incoming" connection is usually, at least by connection, > an SSL server. > _by convention_ > In general: if an SSL connection/session uses an akRSA suite, > knowledge of the packets on th

RE: libpcap working with openSSL sockets

2012-10-31 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Wednesday, 31 October, 2012 13:22 >Is it possible to use libpcap to detect an incoming connection >(writing all those packets to a socket), then, if using >libpcap I determine that a SSL connection was established, st

Re: libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
As I am thinking about this a little more - I guess that the SSL_new and SSL_accept handle all of the SSL handshake negotiation as well, that would have to be manually handled if you were trying to decrypt on the fly? On Wed, Oct 31, 2012 at 2:23 PM, Derek Cole wrote: > To be clear - I have

Re: libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
To be clear - I have already written the code to read the SSL header. Regarding your last line - is there a cleaner way to "redirect" as you say, or is it as I described - opening a new socket and writing the packet to it? If I wanted to decrypt on the fly, is there a standard way of decrypting t

libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
Hello, Is it possible to use libpcap to detect an incoming connection (writing all those packets to a socket), then, if using libpcap I determine that a SSL connection was established, stand up another socket to read the same file descriptor with the SSL client so that I could use the pro