Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > webappsec > 03 > 070935.html (Request Expert securityfocus.com Support)

Re: Looking for an open source ssl sniffer...

From: Damieon Stark <visigoth(at)securitycentric.com>
Date: Mon Jul 21 2003 - 17:04:36 EDT

On Mon, Jul 21, 2003 at 09:17:41PM +0200, Philip May wrote:
> You write: I've got the keys as its my server

That's just plain silly... The public/private keys are used for a few things, but encryption of the request/response contents is not one of them...

Public/Private keys are used during the SSL session initialization to authenticate one or both of the communication endpoints. Additionally, they are used to negotiate a symetric key cipher (such as 3des) and create a shared secret key which is used for the encryption of the traffic following the SSL session init...

-visigoth 

-- 
Omnis tuus capsa sunt inesse nos
____________________________________________________________________________
     Damieon Stark           | Microsoft: Where do you want to go today?
visigoth@securitycentric.com | Linux: Where do you want to go tomorrow?
     p: 612.382.6945         | FreeBSD/Sun: Are you guys coming or what?
     pgp: 0xBE5D0C57         | 
http://www.sun.com/solaris - To the Nth!
       pgp.mit.edu           | 
http://www.freebsd.org - The power to serve!
----------------------------------------------------------------------------
I'll see your DMCA and raise you a First Amendment.
http://www.anti-dmca.org
----------------------------------------------------------------------------
eot
Received on Mon Jul 21 17:00:22 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:53 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library