Mohamad Badra <[EMAIL PROTECTED]> writes:

> I have 2 questions about this sequence number in TLS:
> 
> 1) What is the value of finished's sequence number? Is it zero?

From RFC2246 page 16:
  sequence number
       Each connection state contains a sequence number, which is
       maintained separately for read and write states. The sequence
       number must be set to zero whenever a connection state is made
       the active state. Sequence numbers are of type uint64 and may not
       exceed 2^64-1. A sequence number is incremented after each
       record: specifically, the first record which is transmitted under
       a particular connection state should use sequence number 0.

This means that the next message after a ChangeCipherSpec will
always have sequence number 0.

> 2) Is there any command line with OpenSSL to have the MAC?

Not as far as I know. The MAC is encrypted and you must have
access to the session key to print the MAC.
ssldump <URL: http://www.rtfm.com/ssldump/ > can decrypt certain
SSL connections, but I don't think it is capable of printing the
MAC. You can probably hack the source, though.

-- 
Jostein Tveit ([EMAIL PROTECTED])
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
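
An added illustration, not part of the original message and not OpenSSL code: the RFC 2246 record MAC computed with the implicit sequence number, showing that the first record under a newly activated connection state (the Finished message) is MACed with sequence number 0. HMAC-SHA1 is assumed as the suite's MAC; the secret and record bodies are constructed sample values.

```python
import hashlib
import hmac
import struct

HANDSHAKE, APPLICATION_DATA = 22, 23   # ContentType values from RFC 2246
TLS10 = (3, 1)                          # ProtocolVersion for TLS 1.0


def record_mac(mac_secret, seq_num, content_type, fragment):
    """RFC 2246 6.2.3.1: HMAC(secret, seq_num + type + version + length + fragment)."""
    # seq_num is a uint64 that is never sent on the wire; each side counts it.
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS10, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()


class ConnectionState:
    """One direction (read or write) of a connection state: MAC secret plus counter."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.seq_num = 0            # set to zero when the state becomes active

    def protect(self, content_type, fragment):
        """Sender side: return (sequence number used, MAC) and advance the counter."""
        seq = self.seq_num
        mac = record_mac(self.mac_secret, seq, content_type, fragment)
        self.seq_num += 1
        return seq, mac

    def verify(self, content_type, fragment, mac):
        """Receiver side: check the MAC against the locally expected sequence number."""
        expected = record_mac(self.mac_secret, self.seq_num, content_type, fragment)
        if not hmac.compare_digest(expected, mac):
            return False            # a real stack sends bad_record_mac and closes
        self.seq_num += 1
        return True


def demo():
    secret = b"\x0b" * 20           # constructed MAC write secret, not a real key
    # Both sides have just processed ChangeCipherSpec, so both counters start at 0.
    writer, reader = ConnectionState(secret), ConnectionState(secret)
    finished = b"\x14\x00\x00\x0c" + b"\x00" * 12   # constructed Finished body
    seq_fin, mac_fin = writer.protect(HANDSHAKE, finished)
    seq_app, mac_app = writer.protect(APPLICATION_DATA, b"hello")
    # Delivering the second record first fails: the reader still expects 0.
    out_of_order = reader.verify(APPLICATION_DATA, b"hello", mac_app)
    in_order = (reader.verify(HANDSHAKE, finished, mac_fin)
                and reader.verify(APPLICATION_DATA, b"hello", mac_app))
    return seq_fin, seq_app, out_of_order, in_order
```
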
