SSL - Can some enlighten me?

Wed, 10 Jan 2001 04:24:32 -0800 

Hi,

Can somebody help me with understanding SSL better?

(1) When a client is sending a 'Client Key Exchange' Handshake Message, the data which 
is being sent to the server is 10 00 00 82 00 80 <128 bytes of Encrypted Premaster 
Secret>

PROBLEM: I am not able to understand why '00 80' is used in the above Handshake 
Message. The structure of a 'Client Key Exchange', from what I understand is as 
follows:
TYPE: 1 Byte, here 10h (16, Handshake type for ClientKeyExchange)
LENGTH: 3 bytes
ENCRYPTED PREMASTER SECRET: Depends on the Cipher Suite negotiated. In my case the 
negotiated cipher suite is SSL_RSA_WITH_RC4_128_SHA.

Without much strain on my brain, I realised that 00 80 is the length of the data(the 
'actual' Encrypted Premaster Secret) which is going as part of the handshake 
message(here, the Encrypted Premaster Secret). But it is not mentioned anywhere in the 
SSL documents that the encrypted premaster secret has to be pre-pended by the length 
of the encrypted premaster secret(00 80, in this case). Please note that there is 
already the 3 byte length of the handshake message in the Data(00 00 82, in this case).

(2) During the sending of 'Handshake Finished' message, the client as part of data, 
considered 
14 00 00 0C 4B 7F A0 F1 CF 0F 9E 93 27 03 C8 49 to compute the MD5 and SHA digests. 

According to the SSL, the 'Finished Message' will contain the hashed result of "all 
the previous SSL handshake messages exchanged during the session" + other things like 
'sender's role', 'master secret', 'padding' which is understood.

PROBLEM: I am not able to correlate the last 12 bytes(4B 7F A0 F1 CF 0F 9E 93 27 03 C8 
49) of the 'Handshake Finished' with the exchanged handshake messages. I think the 
first byte, 14h = Handshake message type(Handshake Finished), and the next 3 bytes, 00 
00 0C is the length of the data(4B 7F A0 F1 CF 0F 9E 93 27 03 C8 49). Can somebody 
enlighten me as to what these 12 bytes are? I tried for these bytes in all the 
Handshake Messages, but couldn't find them.

Thanks & Regards

----------
When you steal from one author, it's plagiarism; 
if you steal from many, it's research. 
- Wilson Mizner  
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to