Joe Wood wrote:
Hi everyone!
I need to get the SSL session keys of an SSL connection out of Mozilla to pass it to an external program. It is for testing purposes only, so security on the local machine is not too important. I thought from within ssl3_GenerateSessionKeys() it should be possible to access the keys, but so far I didn't succeed. Does anybody have an idea how to achieve this?
You are probably going to have to hook all the way down to the PKCS #11 module. NSS keeps the Session keys wrapped by a key stored in the PKCS #11 module. If you are running a FIPS module, you can 'never' get the session keys out in the clear.
This does bring up the question "what do you need it for?". If you are doing some server testing, I suggest trying to use tstclient (smaller and simplier than all of mozilla). If you are building some protocol on the use of the session key, that should be re-evaluated since sometimes that key is stored in hardware can can't be removed.
bob
Thanks, Joe _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
