Hi, For a research project I'm working on, I want to use OpenSSL with ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a server-side nor a client-side certificate; and the pre-master secret shall be established via Diffie-Hellman key exchange.
I understand that the current implementation of SSL_CTX_set_tmp_dh (SSL_CTX *ctx, DH *dhkey), which I'm using to set the DH private and public key, ignores any existing keys in dhkey->priv_key and dhkey->pub_key, and uses only the DH key generation parameters (prime and generator) from this structure. Looks like it generates random DH keys by its own. However, I would like to feed the TLS pre-master secret generation on both client and server side with arbitrary DH key pairs of my own. From my understanding of RFC 2246 (TLSv1), this is in conformance with the spec. Now I'm wondering whether this is possible using the regular OpenSSL API. If not, how else could I achieve this (I don't have major problems with modifying my version of the OpenSSL source code)? I just need to understand where to "inject" my keys. Thanks, Michael -- ================================================= Michael Schmidt ------------------------------------------------- Institute for Data Communications Systems University of Siegen, Germany ------------------------------------------------- http: www.nue.et-inf.uni-siegen.de/~schmidt/ e-mail: [EMAIL PROTECTED] phone: +49 271 740-2332 fax: +49 271 740-2536 mobile: +49 179 7810214 ================================================= ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
