On Wed, Dec 04, 2002 at 10:16:37AM -0500, Jack Lloyd wrote: > I asked Eric Rescorla, and he agreed the section of the TLS RFC was > definitely unclear, but he wasn't totally sure which way it should go as > far as stripping any leading 0s before using the shared secret to generate > keys. It basically depends on what various implementations have decided to > do.
A safe way for clients to work around this problem for ephemeral DH is to try a new DH secret if the DH result has a leading zero byte. -- Bodo M�ller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
