Re: Doubt regarding ExtendedMasterSecret

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi ,

   I got the answer to this, and now the question looks bit stupid.
   Generation of master key is different in case of "Extended Master Secret" ,
   
   I still have a doubt, what would be the contents in   SSL* s->s3->handshake_buffer?
   I need to manually set this for my tool, i assume it holds both client and server handshakes, am i right?


   if i am right , in openssl , i just need to populate s3->handshake_buffer and set  flags to  s->session->flags & SSL_SESS_FLAG_EXTMS.
   only unknown thing i have is  s3->handshake_buffer , what value to copy there.

  
Regards
Stiju

   
   
   

On Fri, Apr 28, 2017 at 10:35 PM, Stiju Easo <stiju.easo@xxxxxxxxx> wrote:
Hi,


   I had a tool similar to SSLDump , which could decrypt SSL traffic (like Man in Middle).
   for this, I used to copy needed data to SSL* and used to call tls1_enc/ssl3_enc  to decrypt data.
   Everything used to work fine extended master secret came up in SSL header, 
   even if it has empty value (just the place holder) as in pic attached.
Inline image 1
   the SSL decryption failed, with -1 error from tls1_enc
        "-1: if the record's padding/AEAD-authenticator is invalid or, if sending,
         an internal error occurred."
   on further debugging failure happens in EVP_Cipher().
    
   I tried OpenSSL1.1 and OpenSSL1.0.2, both has the same behavior. 
   
   the doubt I have is 
   1) if I have Extended Master Secret Extention type (with value 0)  in my data,  should I need to set something to SSL context so that.
   2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value appearing in ExtendedMasterSecret?  I just want to ignore wat ever appearing in the header as of now. for this will 1.0.2 will do, given I resolve item (1)


--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)




--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux