Ole Hansen <[EMAIL PROTECTED]> writes: > I would like to decrypt the Finished message from the client. What > functions will do here? I have tried with EVP_Decrypt*() but output does > not make sense. Which key should I pass to EVP_Decrypt*-functions if > these are to be used? Those from the key block or..?
You should pass the client or server write key, depending on the finished message came from the client or server. And if you use TLS_RSA_WITH_RC4_128_MD5, you have to use the RC4 algorithm. When the finished message are decrypted the result will either be a SSLv3 or TLS hash. Details on the differences can be found in the standards or in the excellent book SSL and TLS by Eric Rescorla. I don't know what you mean by make sense, but the finished message is just a hash and will not make sense unless you use the same algorithm and compute the same hash over the same messages and compare the results. And if you are fiddling with low level SSL, I strongly advice you to buy Rescorla's book. -- Jostein Tveit ([EMAIL PROTECTED]) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]