Hello,
> > SSL protocol differs in server_key_exchange packet
> > (which may be used not only for export restriction).
> > This requires temporary RSA key in context.
> > If you add to server initialization routine something like:
> >     RSA *rsa;
> >     rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
> >     if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
> >             ExitPostmaster(1);
> >     }
> >     RSA_free(rsa);
> > your code will work.
> 
> Just to confirm my understanding of this is also correct.  Is it 
> possible to alternatively use:
> 
> SSL_CTX_set_tmp_rsa_callback(ssl_ctx, tmp_rsa_cb);
> 
> and have my application provide the callback function "tmp_rsa_cb" as
> 
> RSA *tmp_rsa_cb(SSL *s, int export, int keylength)
> 
> Where it generates one only when necessary.  To help reduce delay ?
Yes, of course.
 
> Many applications generate a static one, can the same exact key be 
> re-used without any security considerations for unrelated sessions ?
> 
> Should a highly secure application generate a new one for every connection?
In this case (export restriction), generating a 512-bit RSA key is not
very secure, so using this key for one or more sessions probably
makes no big difference :-)
Because this key is used to exchange the pre_master_secret from client
to server, breaking or revealing this key leads to the ability to
decrypt the SSL session. In the first case we have no choice, as for example
CPU power increases from time to time. In the second case we should
not save such a key, for example in software, but just destroy it after
program exit. There may be other problems which may lead to revealing the
RSA private key - RSA timing attacks, for example.

But the key generation here is caused by export restriction; in normal
circumstances the server RSA key (for example 2048 bits long) is used
to exchange the pre_master_secret - sent to the client in certificate form
(public part, of course).

Revealing such a key reveals all SSL sessions "saved" by an attacker.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
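
The distinction drawn in the message above, as an added example (not code from the original message or from the OpenSSL project): it sorts OpenSSL cipher-suite names by how the pre_master_secret is protected, so export suites and RSA key-transport suites can be found in a configured list. The function names, class labels and sample list are constructed for illustration.

```python
# Added example (not from the thread): sort OpenSSL cipher-suite names by
# how the pre_master_secret is protected during the handshake.
import ssl

EXPORT_RSA = "export-rsa"          # temporary export-grade RSA key (512-bit in the thread)
EXPORT_DH = "export-dh"            # export-grade Diffie-Hellman
RSA_TRANSPORT = "rsa-transport"    # secret encrypted to the certificate's RSA key
FORWARD_SECRET = "forward-secret"  # ephemeral (EC)DH key exchange
OTHER = "other"                    # PSK, SRP, Kerberos, static or anonymous DH

_EPHEMERAL = ("DHE-", "EDH-", "ECDHE-")
_OTHER_KX = ("ADH-", "AECDH-", "DH-", "ECDH-", "PSK-", "SRP-", "KRB5-")

# Constructed sample of OpenSSL-style suite names, old and new.
SAMPLE = ["EXP-RC4-MD5", "EXP-EDH-RSA-DES-CBC-SHA", "AES128-SHA",
          "DHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
          "TLS_AES_128_GCM_SHA256", "PSK-AES128-CBC-SHA"]

def classify(name):
    """Map one OpenSSL cipher-suite name to a key-exchange class."""
    if name.startswith("TLS_"):            # TLS 1.3 has no RSA key transport
        return FORWARD_SECRET
    export = name.startswith("EXP")
    if export:
        name = name.partition("-")[2]      # drop the EXP- / EXP1024- prefix
    if export and name.startswith(("EDH-", "DHE-", "ADH-")):
        return EXPORT_DH
    if name.startswith(_OTHER_KX):
        return OTHER
    if name.startswith(_EPHEMERAL):
        return FORWARD_SECRET
    # OpenSSL omits the key-exchange token when it is plain RSA.
    return EXPORT_RSA if export else RSA_TRANSPORT

def needs_review(names):
    """Suites where export-grade keys or one long-term RSA key guard the session."""
    flagged = (EXPORT_RSA, EXPORT_DH, RSA_TRANSPORT)
    return [n for n in names if classify(n) in flagged]

def local_suites():
    """Suite names enabled in this Python build's default TLS context."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n:32} {classify(n)}")
    print("local suites needing review:", needs_review(local_suites()))
```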
