# Old original README file from SSLDUMP 0.9b3 and probably outdated

$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $

SSLDUMP 0.9b3

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.

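The record decoding step described above can be illustrated with a short
C sketch. This is an added example, not code from ssldump or its author:
it walks a reassembled byte stream, decodes SSLv3/TLS record headers
(major version 3 only) and bounds-checks every length before using it.
All function and constant names are the example's own, and the sample
bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_HDR_LEN 5
#define REC_MAX_LEN (16384 + 2048)  /* RFC 2246 TLSCiphertext length limit */
enum { REC_OK = 0, REC_NEED_MORE = 1, REC_NOT_TLS = -1 };  /* example's own names */
struct tls_record { uint8_t type, major, minor; uint16_t len; const uint8_t *body; };

static const char *type_name(uint8_t t) {
    switch (t) {
    case 20: return "change_cipher_spec";
    case 21: return "alert";
    case 22: return "handshake";
    case 23: return "application_data";
    default: return NULL;
    }
}

/* Decode one record from buf[0..avail); never reads past avail. */
int parse_record(const uint8_t *buf, size_t avail, struct tls_record *out) {
    if (avail < REC_HDR_LEN) return REC_NEED_MORE;
    if (type_name(buf[0]) == NULL || buf[1] != 3) return REC_NOT_TLS;
    size_t len = ((size_t)buf[3] << 8) | buf[4];
    if (len > REC_MAX_LEN) return REC_NOT_TLS;            /* implausible length */
    if (avail - REC_HDR_LEN < len) return REC_NEED_MORE;  /* no underflow: avail >= 5 */
    out->type = buf[0]; out->major = buf[1]; out->minor = buf[2];
    out->len = (uint16_t)len; out->body = buf + REC_HDR_LEN;
    return REC_OK;
}

/* Walk a reassembled stream; returns records decoded, *status = last result. */
int dump_stream(const uint8_t *buf, size_t n, int *status) {
    size_t off = 0; int count = 0; struct tls_record r;
    *status = REC_OK;
    while (off < n && (*status = parse_record(buf + off, n - off, &r)) == REC_OK) {
        printf("%d %s v%d.%d len=%d\n", ++count, type_name(r.type), r.major, r.minor, r.len);
        off += REC_HDR_LEN + r.len;
    }
    return count;
}

/* Constructed sample: a complete 2-byte alert, then a handshake header claiming 64 bytes (1 present). */
static const uint8_t sample[] = { 21, 3, 1, 0, 2, 1, 0,  22, 3, 1, 0, 64, 1 };

int main(void) {
    int st, n = dump_stream(sample, sizeof sample, &st);
    printf("records=%d status=%d\n", n, st);
    return 0;
}
```
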

ssldump depends on the libpcap packet capture library. Some systems
(e.g. FreeBSD) now have libpcap as part of their standard install. On
other systems, you will need to install it. You can obtain the
distribution from:
http://www.tcpdump.org/

If linked with OpenSSL, ssldump can display certificates in decoded
form and decrypt traffic (provided that it has the appropriate keying
material). Again, OpenSSL may be installed on your system. Otherwise
you can obtain it from:
http://www.openssl.org/

See the file INSTALL for instructions on building and installing
ssldump.

STABILITY
This is a beta release of ssldump. The UNIX portions have received
extensive testing and are believed to be quite solid. The Windows
port is substantially less stable.

CHANGES SINCE 0.9b2
Security fix: some potential over and underflows
Added support for VLANs.
Added -P flag to disable promiscuous mode.
Fixed bugs in the TCP reassembly code.
A lot of bug fixes.

See the ChangeLog for a more complete list of changes.

MAILING LIST
For support questions and general discussion on ssldump, please
subscribe to the ssldump-users mailing list. Subscription is by
majordomo. To subscribe, send a message with no subject and a body
consisting of the single line:

subscribe ssldump-users

to majordomo@rtfm.com. Note, you cannot send messages to the list
unless you are subscribed.

BUG REPORTS
Please send bug reports either to the ssldump-users mailing list
or to ssldump@rtfm.com.

INTEROPERABILITY NOTE
Previous versions of ssldump automatically looked for the keyfile
in 'server.pem' and used the password 'password'. This version
removes those defaults. For decryption to work you MUST specify
the keyfile (and password if the keyfile is encrypted.)

NEW VERSIONS
Newer versions of ssldump can be found at:
http://www.rtfm.com/ssldump/

SSL REFERENCES
The SSLv3 specification can be found at:
http://home.netscape.com/eng/ssl3/draft302.txt

The TLS specification is in RFC 2246 and can be found at:
http://www.ietf.org/rfc/rfc2246.txt

SHAMELESS PLUG
Extremely detailed coverage of SSL/TLS can be found in

_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3

_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
SSL behavior. If you like ssldump and want to learn about SSL, you
might consider buying my book.