Avinash Agarwal wrote:
But according to the TLS RFC the finished message should be 12 bytes in length. How is freeradius sending 32 bytes then?
It is not freeradius's job, it is the TLS one.
The finished message is the first message encrypted under the negotiated algorithms, keys, and secrets. So, the TLS Record takes the verify_data, applies a MAC (SHA or MD5), ..., encrypts, and transmits the result.
The following is my understanding wrt the TLS RFC 2246
1) generate master key (48 bytes) from pre-master key: masterkey = PRF(premasterkey+"master secret"+client.random+server.random)
2) generate finished handshake msg (12 bytes): finished = PRF(master key + "server finished"+MD5(handshake msgs)+SHA1(handshake msgs))
Can someone tell me how is this handshake message being calculated?
In your trace, you see the result of these operations, not the verify_data value.
-- Mohamad Badra ENST-Paris Dept. Computer Sciences and Networks
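The two steps quoted above, followed by the record-layer size calculation, as an added example that is not part of the original post and is not FreeRADIUS code. The secrets, randoms and transcript are constructed placeholders, and the thread does not name the cipher suite: RC4 with an MD5 MAC appears only as one case that produces 32 bytes.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC output chained through A(i)."""
    out, a = b"", seed                          # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret,
    XORed with P_SHA-1 keyed with the second half."""
    half = (len(secret) + 1) // 2   # halves share the middle byte if length is odd
    md5_part = p_hash("md5", secret[:half], label + seed, n)
    sha_part = p_hash("sha1", secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def master_secret(pre_master, client_random, server_random):
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished_message(master, label, handshake_msgs):
    """Handshake header (type 20, 3-byte length) plus 12-byte verify_data."""
    seed = hashlib.md5(handshake_msgs).digest() + hashlib.sha1(handshake_msgs).digest()
    verify_data = prf(master, label, seed, 12)
    return b"\x14" + len(verify_data).to_bytes(3, "big") + verify_data

def protected_length(plaintext_len, mac_len, block_size=0):
    """Bytes on the wire after the TLS 1.0 record layer adds the MAC and,
    for block ciphers, minimum padding plus the padding-length byte."""
    n = plaintext_len + mac_len
    if block_size:
        n = (n // block_size + 1) * block_size
    return n

# Constructed sample inputs (not taken from any real trace).
PRE_MASTER = b"\x03\x01" + bytes(46)
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
TRANSCRIPT = b"constructed handshake transcript"

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    fin = finished_message(ms, b"server finished", TRANSCRIPT)
    print("verify_data:", fin[4:].hex(), "| handshake message:", len(fin), "bytes")
    for name, mac, blk in [("RC4 + MD5", 16, 0), ("RC4 + SHA-1", 20, 0),
                           ("3DES-CBC + SHA-1", 20, 8), ("AES-CBC + SHA-1", 20, 16)]:
        print(f"{name:18} -> {protected_length(len(fin), mac, blk)} bytes in the record")
```

The 12 bytes are only the verify_data; the 4-byte handshake header and the record MAC are added before encryption, which is why a trace shows a longer opaque value.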

