Hi ,
I got the answer to this, and now the question looks bit stupid.
Generation of master key is different in case of "Extended Master Secret" ,
I still have a doubt, what would be the contents in SSL* s->s3->handshake_buffer?
I need to manually set this for my tool, i assume it holds both client and server handshakes, am i right?
if i am right , in openssl , i just need to populate s3->handshake_buffer and set flags to s->session->flags & SSL_SESS_FLAG_EXTMS.
only unknown thing i have is s3->handshake_buffer , what value to copy there.
Regards
Stiju
On Fri, Apr 28, 2017 at 10:35 PM, Stiju Easo <stiju.easo@xxxxxxxxx> wrote:
Hi,I had a tool similar to SSLDump , which could decrypt SSL traffic (like Man in Middle).for this, I used to copy needed data to SSL* and used to call tls1_enc/ssl3_enc to decrypt data.Everything used to work fine extended master secret came up in SSL header,even if it has empty value (just the place holder) as in pic attached.the SSL decryption failed, with -1 error from tls1_enc"-1: if the record's padding/AEAD-authenticator is invalid or, if sending,an internal error occurred."on further debugging failure happens in EVP_Cipher().I tried OpenSSL1.1 and OpenSSL1.0.2, both has the same behavior.the doubt I have is1) if I have Extended Master Secret Extention type (with value 0) in my data, should I need to set something to SSL context so that.2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value appearing in ExtendedMasterSecret? I just want to ignore wat ever appearing in the header as of now. for this will 1.0.2 will do, given I resolve item (1)--
Stiju Easo
The unexamined life is not worth living for man.
Socrates, in Plato, Dialogues, Apology
Greek philosopher in Athens (469 BC - 399 BC)
Stiju Easo
The unexamined life is not worth living for man.
Socrates, in Plato, Dialogues, Apology
Greek philosopher in Athens (469 BC - 399 BC)
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
