RE: Query On SSL Processing

2006-07-24 Thread Gayathri Sundar
function do? What does it update? Thanks --Gayathri -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Friday, July 21, 2006 7:04 PM To: openssl-users@openssl.org Subject: RE: Query On SSL Processing Hello, Thanks Marek, can you explain

RE: Query On SSL Processing

2006-07-24 Thread Marek Marcola
Hello, Does this read_mac_secret and write_mac_secret change with Every md5 hash verification? No, these values are calculated from pre_master_secret and stay the same until end or renegotiation. I am not able to locate the code which actually updates this tcp Seq numbers and so on..what

RE: Query On SSL Processing

2006-07-24 Thread Gayathri Sundar
, July 24, 2006 2:01 PM To: openssl-users@openssl.org Subject: RE: Query On SSL Processing Hello, Does this read_mac_secret and write_mac_secret change with Every md5 hash verification? No, these values are calculated from pre_master_secret and stay the same until end or renegotiation. I am

RE: Query On SSL Processing

2006-07-24 Thread Marek Marcola
Hello, There seems to be no such function in openssl (ssl3_record_sequence_update())!! Can you pls tell where exactly this SSL sequence number is updated. Well, yes, this function was introduced in 0.9.8. In earlier versions there is code at the end of ssl3_mac() function in s3_enc.c file which

RE: Query On SSL Processing

2006-07-24 Thread Marek Marcola
Hello, In earlier versions there is code at the end of ssl3_mac() function in s3_enc.c file which looks like: And for TLS1 version this code is at the end of tls1_mac() function in t1_enc.c file. Best regards, -- Marek Marcola [EMAIL PROTECTED]

RE: Query On SSL Processing

2006-07-24 Thread Gayathri Sundar
Thanks Marek..appreciate your help.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Monday, July 24, 2006 4:04 PM To: openssl-users@openssl.org Subject: RE: Query On SSL Processing Hello, There seems to be no such function in openssl

Query On SSL Processing

2006-07-21 Thread Gayathri Sundar
What would happen if openssl is starved of application data records and is fed only control messages? Would it misbehave? Thanks --Gayathri

Re: Query On SSL Processing

2006-07-21 Thread Marek Marcola
Hello, What would happen if openssl is starved of application data records and is fed only control messages? Would it misbehave? SSL application records are not mandatory (but usually very useful :-) So you may establish SSL connection and do for example renegotiation after renegotiation or

RE: Query On SSL Processing

2006-07-21 Thread Gayathri Sundar
depends on YOUR answer or anyone on this Mailing list :) Thanks --G(3) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Friday, July 21, 2006 3:04 PM To: openssl-users@openssl.org Subject: Re: Query On SSL Processing Hello, What would

RE: Query On SSL Processing

2006-07-21 Thread Richard Salz
The SSL records include a message digest (MAC) of the application data within the record. If you remove the application data, the SSL record is no longer valid. If you think about it, this is obvious. SSL guarantees the integrity of the application data. If someone modifies or removes the

RE: Query On SSL Processing

2006-07-21 Thread Gayathri Sundar
: Query On SSL Processing The SSL records include a message digest (MAC) of the application data within the record. If you remove the application data, the SSL record is no longer valid. If you think about it, this is obvious. SSL guarantees the integrity of the application data. If someone modifies

RE: Query On SSL Processing

2006-07-21 Thread Richard Salz
Ok, what I meant is I will be removing the SSL record along with the app data!! So this should be fine right? Then SSL will notice that records have been removed. Since records can contain application data, and SSL guarantees the integrity of the application bytestream, *ANY* attempt by an

RE: Query On SSL Processing

2006-07-21 Thread Gayathri Sundar
records have been removed..? Hope I am making sense here.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Salz Sent: Friday, July 21, 2006 5:41 PM To: openssl-users@openssl.org Subject: RE: Query On SSL Processing Ok, what I meant is I

Re: Query On SSL Processing

2006-07-21 Thread Darryl Miles
Gayathri Sundar wrote: Thanks Richard..but I was thinking only SSL RECORDS with Record Type APP DATA Contain application data!!! If I can ensure that only complete SSL Records of Type Handshake, Change cipher spec, and Alerts are given to OpenSSL, it can process it right? This way how can

RE: Query On SSL Processing

2006-07-21 Thread Marek Marcola
Hello, Thanks Marek, can you explain more on this MAC verification errors? When an SSL record is read from the TCP socket, it is first decrypted (using read_secret and CBC xor vector) and then the MAC of the decrypted packet is checked. When calculating the MAC of the decrypted packet the following information is used:

RE: Query On SSL Processing

2006-07-21 Thread Richard Salz
SSL is designed for private reliable bytestream between two parties. Without looking at the spec, I can't say for certain, but I would be *very* surprised if you can slice out any part of the SSL traffic and not have it generate an error. Read the SSL/TLS spec. /r$ -- SOA Appliances

RE: Query On SSL Processing

2006-07-21 Thread David Schwartz
Thanks Marek, can you explain more on this MAC verification errors? When I can ensure only control records are read by SSL_read, why should I get such errors? Yeah, you're correct, I will discard application records ;) (don't ask me how!!) but then openssl will work right? What I have to do next