What about the 32 octets in the finished message(CipherText)? How can
we have it?
Thank you
Jostein Tveit wrote:
Mohamad Badra <[EMAIL PROTECTED]> writes:
I have 2 questions about this sequence number in TLS:
1)What is the value of finished's sequence number? It is zero?
>From RFC2246 page 16:
sequence number
Each connection state contains a sequence number, which is
maintained separately for read and write states. The sequence
number must be set to zero whenever a connection state is made
the active state. Sequence numbers are of type uint64 and may not
exceed 2^64-1. A sequence number is incremented after each
record: specifically, the first record which is transmitted under
a particular connection state should use sequence number 0.
This mean that the next message after a ChangeCipherSpec will
always have sequence number 0.
2) Is there any command line with OpenSSLto have the MAC?
Not as far as I know. The MAC is encrypted and you must have
access to the session key to print the MAC.
ssldump <URL: http://www.rtfm.com/ssldump/ > can decrypt certain
SSL connections, but I don't think it is capable of printing the
MAC. You can probably hack the source, though.
|
