SSL/TLS passive sniffing

David Wagner
Tue Nov 30 22:22:29 EST 2004

Ben Nagy wrote:
>Recently a discussion came up on firewall-wizards about
>passively sniffing SSL traffic by a third party, using a copy of the server
>cert (for, eg, IDS purposes).

This sounds very confused.  Certs are public.  How would knowing a copy
of the server cert help me to decrypt SSL traffic that I have intercepted?
Now if I had a copy of the server's private key, that would help, but such
private keys are supposed to be closely held.

Or are you perhaps talking about some kind of active man-in-the-middle
attack, perhaps exploiting DNS spoofing?  It doesn't sound like it, since
you mentioned passive sniffing.

And it doesn't matter whether you use Diffie-Hellman or RSA with Verisign
certs; either way, SSL should be secure against passive eavesdropping.

I think you need to elaborate before we can give any sensible responses.
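To make the point above concrete, here is a toy simulation added to this archive page; it is not part of Wagner's post and not code from any real SSL/TLS implementation. It models three parties: a client, a server, and a passive sniffer that always sees the server certificate (it goes over the wire in the clear) and may or may not also have been handed the server's RSA private key. With an RSA key exchange the cert alone yields nothing, while the private key recovers the premaster secret and hence the session key. The example also goes one step past the post: with ephemeral Diffie-Hellman the RSA key only signs the server's share, so the sniffer can verify that share with the cert but cannot recover the session key even when holding the private key. The RSA primes, the DH group and the hash used as a stand-in for the TLS key schedule are hypothetical and far too small for real use; they are chosen only so that the public/private split is visible.

```python
import hashlib
import secrets

# Toy server credential: textbook RSA with hypothetical small primes.
# A real server key is 2048+ bits and uses padding; this only makes the
# public/private split visible.
_P, _Q = 1000003, 1000033
RSA_N = _P * _Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))   # Python 3.8+ modular inverse

SERVER_CERT = {"subject": "example.test", "n": RSA_N, "e": RSA_E}  # public, on the wire
SERVER_PRIVATE_KEY = RSA_D                                       # closely held

# Toy DH group: 2**61 - 1 is prime; the size and generator are illustrative only.
DH_P = 2**61 - 1
DH_G = 7


def derive_key(premaster):
    """Stand-in for the TLS key schedule: both endpoints hash the shared secret."""
    return hashlib.sha256(str(premaster).encode()).hexdigest()


def rsa_sign(msg, d):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % RSA_N
    return pow(h, d, RSA_N)


def rsa_verify(msg, sig, cert):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % cert["n"]
    return pow(sig, cert["e"], cert["n"]) == h


def rsa_key_exchange():
    """TLS_RSA_*: the client encrypts a premaster secret to the cert's public key.
    Returns (what went over the wire, the session key both endpoints derived)."""
    premaster = secrets.randbelow(SERVER_CERT["n"])
    encrypted = pow(premaster, SERVER_CERT["e"], SERVER_CERT["n"])
    # The server decrypts with d; now both ends hold `premaster`.
    assert pow(encrypted, SERVER_PRIVATE_KEY, SERVER_CERT["n"]) == premaster
    wire = {"kx": "RSA", "cert": SERVER_CERT, "encrypted_premaster": encrypted}
    return wire, derive_key(premaster)


def dhe_key_exchange():
    """TLS_DHE_RSA_*: ephemeral DH shares, the server's share signed by its RSA key.
    The RSA key authenticates; it never encrypts anything."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = rsa_sign(str(gb).encode(), SERVER_PRIVATE_KEY)
    shared = pow(ga, b, DH_P)          # server side
    assert shared == pow(gb, a, DH_P)  # client side agrees
    wire = {"kx": "DHE", "cert": SERVER_CERT, "g^a": ga, "g^b": gb, "sig": sig}
    return wire, derive_key(shared)


def passive_sniffer(wire, private_key=None):
    """Everything a third party can derive from the captured handshake.
    The cert is always available; `private_key` models a sniffer that has
    also been given the server's RSA private key (e.g. for IDS decryption)."""
    cert = wire["cert"]
    if wire["kx"] == "RSA":
        if private_key is None:
            # Only (n, e) is known; nothing on the wire can be decrypted with it.
            return {"authentic": None, "session_key": None}
        pms = pow(wire["encrypted_premaster"], private_key, cert["n"])
        return {"authentic": None, "session_key": derive_key(pms)}
    # DHE: the cert lets anyone verify the server's share, but recovering the
    # shared secret needs a or b, which never leave the endpoints; the RSA
    # private key does not help here either.
    ok = rsa_verify(str(wire["g^b"]).encode(), wire["sig"], cert)
    return {"authentic": ok, "session_key": None}


if __name__ == "__main__":
    w, k = rsa_key_exchange()
    print("RSA kx, cert only:   ", passive_sniffer(w)["session_key"])
    print("RSA kx, private key: ", passive_sniffer(w, SERVER_PRIVATE_KEY)["session_key"] == k)
    w, k = dhe_key_exchange()
    print("DHE, private key:    ", passive_sniffer(w, SERVER_PRIVATE_KEY))
```

Running it prints None for the cert-only RSA case, True for the private-key RSA case, and for DHE a verified signature but no session key; that last line is why handing an IDS the server's private key only works for non-ephemeral key exchanges.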

The Cryptography Mailing List