Debugging an SSL connection
Monday, March 22nd, 2010

Debugging the SSL handshake can be painful, especially if the SSL calls are made by components that are not under your control. Fortunately, there is a tool called ssldump which lets you monitor the complete SSL handshake. The following command prints out detailed information about the SSL handshake (on interface eth0):
ssldump -a -A -H -i eth0
If you want to peek at the encrypted traffic, you need to tell ssldump where to find the host key (e.g. hostkey.pem or similar) of the machine:
ssldump -N -d -k $PATH_TO_HOSTKEY/hostkey.pem -A -H -i eth0
Replace $PATH_TO_HOSTKEY and hostkey.pem accordingly.
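ssldump can only decrypt a session with the host key when the handshake negotiated static RSA key exchange, so it helps to check the negotiated suite before expecting plaintext from the second command. The script below is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed in the layout ssldump prints for handshake records.

```shell
# Constructed sample in the layout ssldump prints (two connections, records
# interleaved). Not captured from a real host.
sample_ssldump_output() {
    cat <<'EOF'
New TCP connection #1: client.example(40112) <-> server.example(443)
1 1  0.0021 (0.0021)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
New TCP connection #2: client.example(40113) <-> server.example(443)
1 2  0.0034 (0.0013)  S>C  Handshake
      ServerHello
        Version 3.1
        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA
2 1  0.0040 (0.0040)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
2 2  0.0052 (0.0012)  S>C  Handshake
      ServerHello
        Version 3.1
        cipherSuite         TLS_DHE_RSA_WITH_AES_128_CBC_SHA
EOF
}

# Reads ssldump output on stdin; prints "<conn> <suite> <yes|no>" per ServerHello.
classify_ssldump() {
    awk '
        # Record header: "<conn> <record> <time> (<delta>) <direction> <type>"
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && ($5 == "C>S" || $5 == "S>C") { conn = $1; next }
        # Only the ServerHello prints a "cipherSuite <name>" line; the bare
        # suite names offered in the ClientHello are ignored.
        $1 == "cipherSuite" && conn != "" {
            # Static RSA: the pre-master secret is encrypted to the host key,
            # so -k can recover it. Ephemeral (EC)DHE suites cannot be
            # decrypted from the host key alone.
            ok = (index($2, "TLS_RSA_WITH_") == 1) ? "yes" : "no"
            print conn, $2, ok
        }
    '
}

# Live use (assumption: piping the handshake command from this page):
#   ssldump -a -A -H -i eth0 | classify_ssldump
```

A "no" in the last column means the -k command will still show the handshake but not the application data for that connection.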
More information can be found here or in the manpage of ssldump.