> From: [email protected] On Behalf Of Aiswarya.Sridharan
> Sent: Thursday, 26 April, 2012 22:05

> I am currently working on a project for my course where we are performing
> authentication. We are providing security using SSL. We want to perform key
> exchange between client and server using Diffie Hellman method.
> 
Static or ephemeral?

> I generated a file that contains the DH parameters and have code for the
> Server that sets this file as a parameter for the BIO accessing the SSL
> context. Does anybody know how the client can access the DH parameters
> during the handshake?
> 
If you're writing the client yourself, they're in the server cert 
for static and in the ServerKeyExchange.DH message for ephemeral.

If you're using OpenSSL, the server cert should definitely 
be visible if you set a (cert) verify callback, and I expect 
(but haven't stepped through to see) ephemeral parameters (and 
server publickey) should be visible by the time tmpdh callback 
gets called.

> Also, if the key is being generated by the server and exchanged as part of
> the handshake, won't somebody who is eavesdropping see the DH parameters?
> 
DH parameters are public, as are both publickeys (Yc and Ys). 
If you understand how DH works, that should be obvious.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
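
For the ephemeral case mentioned in the reply, the ServerKeyExchange message carries p, g and Ys in the clear as three fields, each with a 2-byte length prefix (the ServerDHParams layout of RFC 5246). The C parser below is an added example, not part of the original message and not OpenSSL code; it assumes the record layer is already stripped and the handshake message is unfragmented, and the struct names, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One variable-length field, pointing into the caller's buffer. */
struct dh_field { const uint8_t *data; size_t len; };
struct server_dh_params { struct dh_field p, g, ys; };

/* Read a 2-byte big-endian length, then that many bytes. 0 on success. */
static int read_vec16(const uint8_t **cur, const uint8_t *end, struct dh_field *out)
{
    if (end - *cur < 2) return -1;
    size_t len = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (len == 0 || (size_t)(end - *cur) < len) return -1; /* fields are <1..2^16-1> */
    out->data = *cur;
    out->len = len;
    *cur += len;
    return 0;
}

/* Parse one handshake message: type (1 byte), length (3 bytes), body.
 * Returns the number of bytes left after dh_Ys (the signature, if the
 * cipher suite has one), or -1 if the message is malformed. */
int parse_server_dh_params(const uint8_t *msg, size_t msg_len, struct server_dh_params *out)
{
    if (msg_len < 4 || msg[0] != 12) return -1; /* 12 = server_key_exchange */
    size_t body_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body_len != msg_len - 4) return -1;
    const uint8_t *cur = msg + 4, *end = cur + body_len;
    if (read_vec16(&cur, end, &out->p) || read_vec16(&cur, end, &out->g) ||
        read_vec16(&cur, end, &out->ys)) return -1;
    return (int)(end - cur);
}

/* Constructed sample: toy values p=23, g=5, Ys=8, then 2 stand-in signature bytes. */
static const uint8_t sample_ske[] = {
    0x0c, 0x00, 0x00, 0x0b,
    0x00, 0x01, 0x17,  0x00, 0x01, 0x05,  0x00, 0x01, 0x08,  0xaa, 0xbb
};

int main(void)
{
    struct server_dh_params sp;
    int rest = parse_server_dh_params(sample_ske, sizeof sample_ske, &sp);
    if (rest < 0) return 1;
    printf("p:%zu g:%zu Ys:%zu bytes, %d trailing\n", sp.p.len, sp.g.len, sp.ys.len, rest);
    return 0;
}
```

Only the private exponents stay off the wire; everything this parser extracts is readable by any observer of the handshake.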
