Date: Mon, 26 Mar 2007 07:42:53 -0600
From: Michael Fuhr
To: Ray Stell
Cc: Tom Lane, pgsql-admin@postgresql.org
Subject: Re: no verification of client certificate?
Message-ID: <20070326134253.GA8871@winnie.fuhr.org>

On Mon, Mar 26, 2007 at 09:03:53AM -0400, Ray Stell wrote:
> If you don't mind, how do you use ssldump to trace a psql setup?

I usually capture the connection to a file with tcpdump and then use ssldump to read the file. Sometimes I use wireshark (formerly ethereal) but it's a bit heavyweight for most of my needs.

As for how to interpret what ssldump shows, I'd recommend reading Eric Rescorla's _SSL and TLS_. Rescorla wrote ssldump and used it for many of the book's diagrams; he's also the author or co-author of several of the relevant RFCs (e.g., RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1).

-- 
Michael Fuhr
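
For the question in this thread (was a client certificate actually requested and presented?), the handshake messages that an ssldump trace lists before ChangeCipherSpec can also be read straight from the captured bytes; the Python below is an added example, not part of the original message and not ssldump's code. It assumes each direction's TCP payload has already been reassembled from the tcpdump file, TLS 1.2 or earlier with TLS-format records (no SSLv2-compatible hello), and it runs on constructed sample streams; all function and variable names are hypothetical.

```python
import struct

# Handshake message types defined for TLS 1.0-1.2.
HS = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
      12: "ServerKeyExchange", 13: "CertificateRequest",
      14: "ServerHelloDone", 15: "CertificateVerify", 16: "ClientKeyExchange"}
PG_SSLREQUEST = struct.pack("!II", 8, 80877103)  # PostgreSQL SSLRequest packet

def handshake_messages(stream):
    """Return [(name, body)] for the cleartext handshake messages of one direction."""
    plain, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype == 20:      # ChangeCipherSpec: what follows is encrypted
            break
        if ctype == 22:      # handshake record; a message may span records
            plain += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, pos = [], 0
    while pos + 4 <= len(plain):
        size = int.from_bytes(plain[pos + 1:pos + 4], "big")
        msgs.append((HS.get(plain[pos], "other"), plain[pos + 4:pos + 4 + size]))
        pos += 4 + size
    return msgs

def client_cert_summary(client, server):
    """Say whether a client certificate was requested and actually presented."""
    if client.startswith(PG_SSLREQUEST):  # pre-TLS: 8-byte request, 1-byte b"S" reply
        client, server = client[8:], server[1:]
    c, s = handshake_messages(client), handshake_messages(server)
    return {
        "requested": any(n == "CertificateRequest" for n, _ in s),
        # A Certificate body opens with a 3-byte list length; 0 means none offered.
        "cert_sent": any(n == "Certificate" and int.from_bytes(b[:3], "big") > 0
                         for n, b in c),
        "cert_verify": any(n == "CertificateVerify" for n, _ in c),
    }

# Constructed sample streams with placeholder bodies (not a real capture).
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
CERT = b"\0\0\x06\0\0\x03abc"
SERVER = b"S" + rec(22, msg(2, b"\0" * 38) + msg(11, CERT)
                    + msg(13, b"\x01\x01\0\0") + msg(14, b""))
HELLO = PG_SSLREQUEST + rec(22, msg(1, b"\0" * 40))
NO_CERT = HELLO + rec(22, msg(11, b"\0\0\0") + msg(16, b"\0" * 4)) + rec(20, b"\x01")
WITH_CERT = HELLO + rec(22, msg(11, CERT) + msg(16, b"\0" * 4)
                        + msg(15, b"\0" * 4)) + rec(20, b"\x01")
```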