David Taylor wrote:
> If you give a client hello with an existing session id, the client and
> server random values will change, but the master secret won't because
> the short version of the handshake doesn't do the key exchange.
Changing the client and server random values does change the master
secret as the master secret is created from the pre master secret and
the random values. But the pre master secret is found during the key
exchange... which doesn't happen in the short handshake. So, do you keep
the pre master secret from the full handshake? This seems to be more
confusing than it needs to be :(
--
Regards,
David Taylor
Forge Research
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
