Winsock LSP and SSL is a complex and simple issue 🙂 basically the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.

Winsock LSP can be used to trace SSL sessions to their root, you can easily get the following information about a SSL session by using LSP:

• Originating application.
• Source Address/Port.
• Destination address/Port.
• Certificate.

Barak