> On Nov 14, 2018, at 6:54 AM, Hemant Ranvir <hemantranvir@xxxxxxxxx> wrote: > > My main goal here is to use openssl for initial handshake sequence. Once the connection is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) This makes no sense, because TLS does not just emit a simple CBC encrypted stream after performing the handshake. So you can't do that. Use SSL_read()/SSL_write, and let the library do the message decryption/encryption for you. When done use SSL_shutdown() to cleanly terminate the stream, and depending on the application protocol, make wait for the peer's SSL_shutdown() in turn to avoid truncation attacks where completion of the stream is not implied by the higher level protocol. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
