SSL Debug Tools
Secure Sockets Layer (SSL), and its successor Transport Layer Security (TLS), provide confidentiality, authentication and message integrity by creating an encrypted link between a Web server and a Web browser, so that all data passed between them stays private and tamper-evident. When debugging SSL connections, it is important to use tools that can trace the connection from the initial TCP request, through the handshake, to the point where application data starts flowing to the server. The three tools below all handle TLS as well as the older SSL versions.
- SSLDump is an SSL/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSL traffic. To decode a session it must see both sides of the exchange, the handshake as well as the application data records, so capture at a point where both directions pass. Once SSLDump decodes the traffic, it displays it in text form: the handshake messages, offered and chosen cipher suites and the certificate exchange are readable as they are, and if you give it the server's private key it can also decrypt and display the application data. That decryption only works when the session used RSA key exchange; suites with ephemeral (EC)DHE key agreement provide forward secrecy precisely so that the server's long-term key cannot recover the session keys, and such sessions stay opaque. SSLDump runs on any platform because it is built on PCAP (packet capture), an application programming interface for capturing network traffic, which is implemented by libpcap on UNIX-like systems and by WinPcap on Windows.
- OpenSSL is a cryptography toolkit implementing SSL and TLS. Use it to negotiate SSL connections so that you can interact with the service in plain text, which is useful for debugging and testing services: OpenSSL performs the handshake and encrypts and decrypts the records over the wire, leaving you with a plain-text session at your terminal. OpenSSL also lets you generate keys and perform various certificate-related functions. In addition, the s_client command sets up an SSL connection and passes arbitrary data you type, such as POP3 (Post Office Protocol 3) commands, IMAP (Internet Message Access Protocol) commands and HTTP (Hypertext Transfer Protocol) requests, to a server process. Note that s_client reports certificate verification problems but by default does not abort on them, so when testing read its "Verify return code" line rather than assuming that a completed handshake means a trusted certificate.
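To see the plain-text session described above end to end, here is an added example (not code from the original article) that stands up a local openssl s_server with a self-signed certificate and drives it with openssl s_client, so the whole exchange runs offline. The port number 44330, the mktemp working directory, the certificate name "localhost" and the function names are assumptions made for the demonstration; the s_server -www status page is what the server answers to any GET.

```shell
#!/bin/sh
# Added example, not code from the original article: a local OpenSSL
# client/server exchange showing how s_client turns a TLS session into plain text.
# Assumptions (all hypothetical choices for the demo): openssl is on PATH,
# TCP port 44330 on 127.0.0.1 is free, and a mktemp directory holds the key pair.

PORT=44330
WORK=$(mktemp -d)
SERVER_PID=""

# Self-signed certificate for the test server. CN "localhost" matches the
# -servername we send below; note that s_client only checks the name if you
# also pass -verify_hostname, which this demo does not.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Start a TLS server that answers any GET with an HTML status page (-www),
# enough to watch a decrypted HTTP reply come back through s_client.
start_test_server() {
    openssl s_server -accept "$PORT" -cert "$WORK/cert.pem" -key "$WORK/key.pem" \
        -www >/dev/null 2>&1 &
    SERVER_PID=$!
    sleep 1   # give the server a moment to bind the port
}

# The plain-text session: the HTTP request on stdin is encrypted on the way out,
# and the server's reply is decrypted and written to stdout.
#   -servername sends SNI, as a browser would;
#   -CAfile pins trust to our self-signed cert so verification succeeds;
#   -quiet suppresses the handshake chatter so only application data remains.
tls_get() {
    printf 'GET / HTTP/1.0\r\n\r\n' |
        openssl s_client -connect "127.0.0.1:$PORT" -servername localhost \
            -CAfile "$WORK/cert.pem" -quiet 2>/dev/null
}

# The certificate the server actually presented, pulled from the -showcerts
# output; handy when a "works in the browser" problem is really a wrong-cert problem.
server_cert_subject() {
    openssl s_client -connect "127.0.0.1:$PORT" -servername localhost \
        -showcerts </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Verification outcome as s_client reports it (0 means ok). s_client does not
# abort on a failed verification, so this line, not the handshake, is the signal.
verify_return_code() {
    openssl s_client -connect "127.0.0.1:$PORT" -servername localhost \
        -CAfile "$WORK/cert.pem" </dev/null 2>/dev/null |
        sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

stop_test_server() {
    [ -n "$SERVER_PID" ] && kill "$SERVER_PID" 2>/dev/null
    rm -rf "$WORK"
}

demo_s_client() {
    make_test_cert
    start_test_server
    tls_get | head -n 3          # "HTTP/1.0 200 ok" followed by the headers
    server_cert_subject          # subject=CN = localhost
    verify_return_code           # 0
    stop_test_server
}

if [ "${1:-}" = run ]; then demo_s_client; fi
```

Run it as `sh demo.sh run`. Adding -msg or -state to any of the s_client invocations prints the handshake messages (as hex) or the state transitions, which is roughly the view SSLDump would reconstruct from a packet capture of the same port; swapping -CAfile for a certificate that does not match the server changes the verify return code while the request still succeeds, which is exactly why the code must be read rather than inferred.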
- Another way to debug SSL connections is to observe the request and response data with the SSLtap command. SSLtap is part of NSS (Network Security Services), a set of libraries, APIs, utilities and documentation designed to support cross-platform development of security-enabled client and server applications. SSLtap acts as a simple proxy between the client and the real server: run it in a command shell and it opens a listening socket on a rendezvous port, waits for an incoming connection from the client, forwards the bytes to the real server and displays what passes in each direction, whether plain HTTP requests, other protocol requests or SSL streams. You then point the client at the rendezvous port instead of the server; because the client now connects to SSLtap's address rather than the server's, the server certificate may not match the name the client expects, so keep that in mind when reading the client's verification errors. SSLtap has a limitation: it holds no keys, so it cannot decrypt any encrypted message data. It is nevertheless a useful tool for looking at the plain-text and binary data exchanged during the handshake, such as the offered cipher suites and the server certificate, before the connection switches to encrypted records.