Re: [Snort-users] snort ssl plug-in
This is a discussion on Re: [Snort-users] snort ssl plug-in within the Snort forums, part of the System Security and Security Related category; Derya Sezen said: > I wanna collect the private keys in my local trusted area & see the > crypted ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-13-2004
|
|||
|
|||
Re: [Snort-users] snort ssl plug-in
Derya Sezen said:
> I wanna collect the private keys in my local trusted area & see the > crypted traffic, ( i have the public keys of the both side) i think it > is possible logically, no? Is there any Snort plug-in for that?! > Probably not doable. There was a discussion of this on the OpenSSL list a couple of months ago. Just having the full cert (pub+priv) in question doesn't necessarily mean you can build a sniffer that can decrypt SSL traffic. If static (RSA) keys are used, then yes, you can decrypt, but nothing I know of defaults to those SSL algorithms anymore. See http://ssldump.sourceforge.net/TROUBLESHOOTING for a good explanation of why decrypting SSL traffic via a network sniffer isn't easy. Jason ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
