ssltap has an option to set the listening port, but not the listening IP address (as I recall). It always listens on IP_ADDR_ANY. This means that it cannot be used to listen on IPv6, and it also means that it cannot be used to listen on one just IP address of a machine that has many. If you have a machine with multiple IP addresses, and servers already listening on port 443 for all but one of those IP addresses, you cannot use ssltap today to listen to port 443 on the one remaining unused IP address, because there is no way to tell ssltap what address to listen on. This recently hampered the investigation of bug 447911.