Dear Greg,
(1) I was running the program in TLSv1 mode. When I ran the same program in SSLv3
mode, it was very clear. When I looked it in the trace, I found 10 00 00 80 + <128
byte encrypted premaster secret>, and this was 10 00 00 82 + <2 byte length(00 80)> +
<128 bytes of encrypted premaster secret>. Apparently, this is different in SSLv3 and
TLSv1?
(2)Similarly, wrt the input data to 'Handshake Finished' message, I was referring to
the results computed in TLSv1 mode and the specs of SSLv3. The way it is done in TLSv1
is very different from the way it is done in SSLv3. This is very clearly documented,
but I missed it. When I ran the applicaiton in SSLv3 mode I am getting results
accordingly.
Thanks for the help.
----------
Gravity is a myth, the Earth sucks.
- Not me
>-----Original Message-----
>From: Greg Stark [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 10, 2001 7:48 PM
>To: [EMAIL PROTECTED]
>Cc: Mohammed SADIQ [GEMPLUS]
>Subject: Re: SSL - Can some enlighten me?
>
>
>The encrypted pre-master secret is one of those variable length vector
>thingy's and so has its length prepended to it.
>
>From rfc2246, section 4.7:
> A public-key-encrypted element is encoded as an opaque vector
><0..2^16-1>
>
>From section 7.4.7.1:
> struct {
> public-key-encrypted PreMasterSecret pre_master_secret;
> } EncryptedPreMasterSecret;
>
>-----
>Greg Stark, [EMAIL PROTECTED]
>Ethentica, Inc.
>www.ethentica.com
>
>
>
>----- Original Message -----
>From: "Mohammed SADIQ" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Wednesday, January 10, 2001 7:37 AM
>Subject: SSL - Can some enlighten me?
>
>
>> Hi,
>>
>> Can somebody help me with understanding SSL better?
>>
>> (1) When a client is sending a 'Client Key Exchange'
>Handshake Message,
>the data which is being sent to the server is 10 00 00 82 00
>80 <128 bytes
>of Encrypted Premaster Secret>
>>
>> PROBLEM: I am not able to understand why '00 80' is used in the above
>Handshake Message. The structure of a 'Client Key Exchange',
>from what I
>understand is as follows:
>> TYPE: 1 Byte, here 10h (16, Handshake type for ClientKeyExchange)
>> LENGTH: 3 bytes
>> ENCRYPTED PREMASTER SECRET: Depends on the Cipher Suite
>negotiated. In my
>case the negotiated cipher suite is SSL_RSA_WITH_RC4_128_SHA.
>>
>> Without much strain on my brain, I realised that 00 80 is
>the length of
>the data(the 'actual' Encrypted Premaster Secret) which is
>going as part of
>the handshake message(here, the Encrypted Premaster Secret).
>But it is not
>mentioned anywhere in the SSL documents that the encrypted
>premaster secret
>has to be pre-pended by the length of the encrypted premaster
>secret(00 80,
>in this case). Please note that there is already the 3 byte
>length of the
>handshake message in the Data(00 00 82, in this case).
>>
>> (2) During the sending of 'Handshake Finished' message, the
>client as part
>of data, considered
>> 14 00 00 0C 4B 7F A0 F1 CF 0F 9E 93 27 03 C8 49 to compute
>the MD5 and SHA
>digests.
>>
>> According to the SSL, the 'Finished Message' will contain the hashed
>result of "all the previous SSL handshake messages exchanged during the
>session" + other things like 'sender's role', 'master secret',
>'padding'
>which is understood.
>>
>> PROBLEM: I am not able to correlate the last 12 bytes(4B 7F
>A0 F1 CF 0F 9E
>93 27 03 C8 49) of the 'Handshake Finished' with the exchanged
>handshake
>messages. I think the first byte, 14h = Handshake message
>type(Handshake
>Finished), and the next 3 bytes, 00 00 0C is the length of the
>data(4B 7F A0
>F1 CF 0F 9E 93 27 03 C8 49). Can somebody enlighten me as to
>what these 12
>bytes are? I tried for these bytes in all the Handshake Messages, but
>couldn't find them.
>>
>> Thanks & Regards
>>
>> ----------
>> When you steal from one author, it's plagiarism;
>> if you steal from many, it's research.
>> - Wilson Mizner
>>
>______________________________________________________________________
>> OpenSSL Project
http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
