On Fri, Jul 19, 2002 at 09:37:22AM +0200, Michael Schmidt wrote: > Hi, > > For a research project I'm working on, I want to use OpenSSL with > ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a server-side > nor a client-side certificate; and the pre-master secret shall be > established via Diffie-Hellman key exchange. > > I understand that the current implementation of SSL_CTX_set_tmp_dh > (SSL_CTX *ctx, DH *dhkey), which I'm using to set the DH private and > public key, ignores any existing keys in dhkey->priv_key and > dhkey->pub_key, and uses only the DH key generation parameters (prime > and generator) from this structure. Looks like it generates random DH > keys by its own.
A callback is available, to set DH key. See ssl3_send_server_key_exchange() around s->cert->dh_tmp_cb() for details. That is, one can set this callback instead of SSL_CTX_set_tmp_dh() > However, I would like to feed the TLS pre-master secret generation on > both client and server side with arbitrary DH key pairs of my own. From > my understanding of RFC 2246 (TLSv1), this is in conformance with the > spec. Now I'm wondering whether this is possible using the regular > OpenSSL API. If not, how else could I achieve this (I don't have major > problems with modifying my version of the OpenSSL source code)? I just > need to understand where to "inject" my keys. > > > Thanks, > > Michael > > -- > ================================================= > Michael Schmidt > ------------------------------------------------- > Institute for Data Communications Systems > University of Siegen, Germany > ------------------------------------------------- > http: www.nue.et-inf.uni-siegen.de/~schmidt/ > e-mail: [EMAIL PROTECTED] > phone: +49 271 740-2332 fax: +49 271 740-2536 > mobile: +49 179 7810214 > ================================================= > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Naina library: http://www.unity.net/~vf/naina_r1.tgz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
