Winsock LSP and SSL is a complex and simple issue 🙂 basically the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.
Winsock LSP can be used to trace SSL sessions to their root, you can easily get the following information about a SSL session by using LSP:
- Originating application.
- Source Address/Port.
- Destination address/Port.
- Certificate.
Barak