On Tue, Mar 31, 2009 at 4:48 AM, G. T. Stresen-Reuter <
tedmasterweb_at_gmail.com> wrote:

>
> I'm no expert on tcpdump, but unless you've compiled tcpdump to be able to
> decrypt encrypted packets, you may not see anything of interest...

It is possible to detect in a network trace, e.g. tcpdump or wireshark, that
the SSL session is being negotiated/created by looking for a packet coming
from the server that contains the server's certificate. A large part of the
server certificate is unencrypted, for example the expiration date and
Distinguished Name (DN) including common name, organization unit,
organization name. The server does not send the certificate if the session
is reused.

Ray

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-03-31