snooping SSL sockets, can it be done?

Hello All,

would it be possible for anyone to listen to the SSL trafic, and decrypt the data, if they have full access of the client computer, BUT they have not been listening to the actual handshake?

I am asking this because we are evaluting the use of JSSE in one of our applications, but we are not sure if it is secure enough for us.

thanks

[371 byte] By [thiasa] at [2007-10-1 3:10:39]

«« Help! Regarding Local and Global Transactions in Websphere
»» Semaphore implementation for 1.4

# 1

If I have "full access to the client computer", then the security of your transmission protocol is irrelevant - I'll just get at the data before it's sent and after it's received. Your requirements make no sense.

If, OTOH, you're talking about having access to local packets only - then SSL spends a lot of time insuring that the transmission is secure in exactly this instance. JSSE is as secure as the cipher-suite you choose.

Grant

ggaineya at 2007-7-8 21:49:02 >

top of Java-index,Security,Java Secure Socket Extension (JSSE)...

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

snooping SSL sockets, can it be done?

Security New Topic

Security Hot Topic

Security

All Classified