Hmm, thanks. But that only works when the passive eavesdropper has the server private key (right?). That seems quite limiting if you want to have "visibility" into network traffic?
I don't really understand the full picture / use case here. Is it only for internal traffic, or is it used in combination with some other more active MITM method to act as the server even for e.g. gmail.com?