[stunnel-users] Sniffing the network --how to disable SSL?

Jan Meijer jan.meijer at surfnet.nl
Thu Jan 12 11:13:59 CET 2006


> I know this sort of defeats the whole purpose of stunnel, but I have an
> LDAP server which listens for non-SSL on one port, and SSL on another.
> We decided to use stunnel and the SSL port on our LDAP server for
> security purposes.
> 
> However, now we need to see the communication between clients and the
> LDAP server, in order to debug a production problem. Sniffing won't be
> terribly useful unless we can turn off the SSL encryption of the
> communication.
> 
> I can't just re-point the application to the non-SSL port because this
> is stored in a central database and would affect everyone (it's a 3rd
> pty app), so I just want to change the stunnel.conf file on my PC so
> that it does port-forwarding but no encryption. Is this possible to do?

Try ssldump on the server-side.  It'll allow you to sniff SSL traffic
provided you have access to the server certificate+private key.

Jan



More information about the stunnel-users mailing list