Hi, For a research project I'm pursuing, I want to use OpenSSL with ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a server-side nor a client-side certificate; and the pre-master secret shall be established via Diffie-Hellman key exchange.
From my experience so far, the current implementation of SSL_CTX_set_tmp_dh (SSL_CTX *ctx, DH *dhkey), which I'm using to set the DH private and public key, ignores any existing keys in dhkey->priv_key and dhkey->pub_key, and uses only the DH key generation parameters (prime and generator) from this structure. It seems to generate random DH keys by its own. However, I would like to feed the TLS pre-master secret generation on both client and server side with arbitrary DH key pairs of my own (passed as parameters). From my understanding of RFC 2246 (TLSv1), this is still in conformance with the spec. Now I'm wondering whether this is possible using the regular OpenSSL API. If not, how else could I achieve this (I don't have major problems with writing additional, proprietary access functions and/or modifying my version of the OpenSSL source code)? I just need to understand where to "inject" my keys. Thanks, Michael -- ================================================= Michael Schmidt ------------------------------------------------- Institute for Data Communications Systems University of Siegen, Germany ------------------------------------------------- http: www.nue.et-inf.uni-siegen.de/~schmidt/ e-mail: [EMAIL PROTECTED] phone: +49 271 740-2332 fax: +49 271 740-2536 mobile: +49 179 7810214 ================================================= ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
