Things are getting clearer as I dig deeper. The book "Network Security with OpenSSL" by John Viega et al has some explanation of how the DH key exchange takes place.
With that knowledge, I went through the source code and found that DH_Compute_Key() is being called in s3_clnt.c and s3_srvr.c. So there is no need to call it in client applications. BRs Ramg On Thu, Aug 27, 2009 at 12:23 PM, Ram G <mydevfor...@gmail.com> wrote: > Hello, > > Going through various posts, I have come across references to Bodo > Moeller's example code showing SSL communication without certificates and > using anonymous DH key exchange. If anybody has that sample, can you please > forward it ? > > I have written a client and server taking help from the sample programs. > I'm generating the DH params in the server and setting it in the SSL > context. I'm setting the cipher as ADH-AES256-SHA in both server and client. > The client and server are communicating. > > To generate the DH parameters P & G, I have done this: > > 1) Calling DH_generate_parameters() in the server will generate the Prime P > 2) Calling DH_generate_key() performs the first step of a Diffie-Hellman > key exchange by generating private and public DH values. > > Documentation also talks about this call to generate the shared key: > > 3) Calling DH_compute_key(), these are combined with the client's public > value to compute the shared key. (My program is working even without the > DH_compute_key() call in the server - which is strange I think) > > What I'm not sure is : > > What is the call I need to make in the client to pass the client's public > key ( G (power X) mod P ) to the server ? > > I'm working on a prototype and beginning to get my hands dirty with > OpenSSL. Your help is greatly appreciated. > > -Ramg >
