There's an SSL/TLS sniffer package that, when given the server's private key, can obtain the master key used for a session and decrypt the frames. I'm not quite sure what you mean by 'for development reasons'.
It would (I'm not looking at the source here) probably be available from one of the SSL_SESSION_get_ex_data indices. Remember that the session master key is usually 24 or 48 bytes. The upper 2/3 are the server key, the lower 2/3 are the client key. (This depends on the version of SSL you're running, though -- I seem to recall SSLv2 splitting the master key down the center.) -Kyle H On 1/26/06, DALE REAMER <[EMAIL PROTECTED]> wrote: > I am working on a project, where, for development reasons, I need to > obtain the secret session key from openssl. How do I do it, where is the > key. I don't want to calculate it, I only need it to give to the server > developer. We are using rc4-128 md5 > > Thanks, dreamer > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
