* sean finney (seanius@seanius.net) [030220 07:00]: > you could find out for sure by running the packet sniffer of your > choice and dumping the whole conversation to a log, and then look > at what kind of data the client was sending. oh wait... https... > nevermind. there's probably a way to turn up verbosity on apache > then :) Is there an easy way to decode a snarfed SSL session given that he has the server's private key? Theoretically it's possible, but I wonder if any of the popular sniffing/IDS tools facilitate it. good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/
Attachment:
pgpuJjX8ZYJqx.pgp
Description: PGP signature