B.3 ssldump

B.3 `ssldump`

Chapter 6 makes extensive use of Eric Rescorla's ssldump program. It's similar in concept and operation to tcpdump but is specialized to decode SSL packets.

One of ssldump's most useful features is its ability to decrypt the SSL payloads when we have access to the SSL key file. This capability is useful only when we are working with our own SSL servers, of course, but that is usually exactly when we need it.

Architecturally, ssldump is very similar to tcpdump, using the pcap library to capture packets from the interface, filtering them according to the filter expression, and using the OpenSSL library to decode them. See Chapter 6 for examples of the SSL output.

In our examples, we use three of ssldump's options extensively.

-A

Print all fields in the SSL record instead of just the most interesting ones.
-d

Display application data. This is also useful for seeing TCP traffic before the SSL session initiation.
-k
file
Specify the location of the key file that can be used to decrypt the SSL payload data.

Here is a fragment of an ssldump output from Chapter 6:

2 1 0.0011 (0.0011) C>SV3.0(79) Handshake
     ClientHello
       Version 3.0
       random[32]=
         3e 5e 6f db 15 04 57 00 03 5a a8 ae 30 89 8b 6c
         e9 21 e6 0e 08 23 18 cc 5a 9c 4e bb 20 36 aa f9
       resume [32]=
         14 17 3a 80 5e 1d 50 9f 46 1c 38 12 2f e6 d8 3d
         b6 6c 18 59 8b 00 f4 3d a1 1c 2f 22 72 80 37 50
       cipher suites
       SSL_RSA_WITH_3DES_EDE_CBC_SHA
       SSL_RSA_WITH_IDEA_CBC_SHA
       compression methods
                 NULL

The leading two numbers on the first line provide the connection and record numbers. Thus, this is SSL record 1 from connection 2. The next two numbers are the time since the beginning of the connection and the time since the last record. In this case, they are the same because this is the first record in the connection.

The next field tells us that this packet is from the client to the server (C>S), that we are using SSL version 3.0, and that the record is 79 bytes long. The last field indicates the record type (see Figure 6.4). In this case, it's a Handshake message. Once the session enters encrypted modethat is, after the CHANGE_CIPHER_SPEC messagethis first line is all that will be visible unless we have the server key.

The rest of the output is a decode of the fields within the record. We see that this is a ClientHello message for a session resumption and that two cipher suites are being offered by the client.

It is sometimes convenient to be able to see the application data, and for this, ssldump offers the -x and -X options, just as tcpdump does. Here's an example, again from Chapter 6, of ssldump's output of application data:

1 40 72.1196 (11.9504) S>CV3.0(112) application_data
  ---------------------------------------------------------------
  7e 21 45 00 00 54 72 7b 40 00 40 01 82 80 0a 00  ~!E..Tr{@.@.....
  00 04 c0 a8 7b 01 08 00 56 21 63 11 01 00 3c 5a  ....{...V!c...<Z
  90 3e 7a 31 0c 00 08 09 0a 0b 0c 0d 0e 0f 10 11  .>z1............
  12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21  .............. !
  22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31  "#$%&'()*+,-./01
  32 33 34 35 36 37 92 51 7e                       234567.Q~
  ---------------------------------------------------------------

Notice that this is data from the server to the client and that the record type is APPLICATION_DATA.

Further information about ssldump and the SSL/TLS protocol is available in Rescorla's excellent text SSL and TLS [Rescorla 2001]. The ssldump source code distribution and information about the book is available from Rescorla's Web site at <http://www.rtfm.com/ssldump/ssldump-0.9b3.tar.gz>.