> The spec doesn't say this explicitly but it suggests at various points
> that the master secret retains its original value when a session is
> resumed.
A useful document I found at Netscape:
http://www.netscape.com/eng/ssl3/traces/index.html
These traces show sessions being resumed and when that happens, the
master secret and client/server random values are used in exactly the
way you say. The master secret is generated when the session is created
(when key exchange is done) and never again.
If I kick off a handshake on a connection after it has been up a while,
I should get new bulk cipher keys and IVs but they will be generated
using the existing master secret.
Thanks for your info on this question - it's taken two days but it's all
starting to make sense...
--
Regards,
David Taylor
Forge Research
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
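
The derivation discussed in this message, as an added example that is not part of the original post or of OpenSSL's code: the SSL 3.0 key block expansion run twice with one master secret and two sets of hello randoms, as happens on a full handshake and then on a resumption. The master secret, the random values and the 3DES-CBC/SHA-1 key sizes are constructed assumptions.

```python
import hashlib

def ssl3_key_block(master_secret, server_random, client_random, length):
    """SSL 3.0 key_block: MD5(ms + SHA1(label + ms + server_random + client_random)) chunks."""
    out = b""
    i = 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)  # b"A", b"BB", b"CCC", ...
        inner = hashlib.sha1(label + master_secret + server_random + client_random).digest()
        out += hashlib.md5(master_secret + inner).digest()
        i += 1
    return out[:length]

def split_keys(block, mac_len, key_len, iv_len):
    """Cut the key block into the six per-connection values, in spec order."""
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def connection_keys(master_secret, server_random, client_random):
    # Sizes assumed for a 3DES-CBC / SHA-1 suite: 20-byte MAC, 24-byte key, 8-byte IV.
    block = ssl3_key_block(master_secret, server_random, client_random, 2 * (20 + 24 + 8))
    return split_keys(block, 20, 24, 8)

# Constructed sample values, not taken from any real trace.
MASTER_SECRET = bytes(range(48))            # fixed for the life of the session
FULL = connection_keys(MASTER_SECRET, b"\x01" * 32, b"\x02" * 32)     # original handshake
RESUMED = connection_keys(MASTER_SECRET, b"\x03" * 32, b"\x04" * 32)  # resumption, new randoms

if __name__ == "__main__":
    for name in FULL:
        status = "changed" if FULL[name] != RESUMED[name] else "same"
        print(f"{name:10s} {status}")
```

Every MAC secret, cipher key and IV differs between the two runs even though the master secret is identical, because the fresh hello randoms feed the expansion.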