$Id: README,v 1.3 2000/11/03 06:38:04 ekr Exp $

SSLDUMP 0.9b1

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.

ssldump depends on the libpcap packet capture library. Some systems
(e.g. FreeBSD) now have libpcap as part of their standard install. On
other systems, you will need to install it.  You can obtain the
distribution from:
	http://www.tcpdump.org/

If linked with OpenSSL, ssldump can display certificates in decoded
form and decrypt traffic (provided that it has the appropriate keying
material). Again, OpenSSL may be installed on your system. Otherwise
you can obtain it from:
	http://www.openssl.org/

See the file INSTALL for instructions on building and installing
ssldump.


NEW VERSIONS
Newer versions of ssldump can be found at:
	http://www.rtfm.com/ssldump/


SSL REFERENCES
The SSLv3 specification can be found at:
	http://home.netscape.com/eng/ssl3/draft302.txt

The TLS specification is in RFC 2246 and can be found at:
	http://www.ietf.org/rfc/rfc2246.txt

SHAMELESS PLUG
Extremely detailed coverage of SSL/TLS can be found in 

	_SSL_and_TLS:_Designing_and_Building_Secure_Systems_
	Eric Rescorla
	Addison-Wesley, 2001
	ISBN 0-201-61598-3

_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life
SSL behavior. If you like ssldump and want to learn about SSL, you
might consider buying my book.

