On kRSA, AFAIK, openssl does not provide a way to SET "client random" or "server random" prior to starting the handshake (and, in normal situations, there would be no need to do this).
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni
Sent: Friday, August 28, 2009 2:50 PM
To: openssl-users@openssl.org
Subject: Re: Can I set the client hello challenge externally?

On Fri, Aug 28, 2009 at 02:38:50PM -0700, Rene Hollan wrote:

> I understand that's the case as the exchange progresses, but even when
> just having exchanged Hellos and gotten a server cert?

You can't MITM kEDH without changing the pre-master secret, which means that you MUST stay in the middle if you don't want to disrupt the connection. You may be able to MITM kRSA and later drop out, but I am far from sure about this, it is just not obvious to me why you can't, provided the "client random" and "server random" are not changed by the proxy.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
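
The dependence on "client random" and "server random" discussed in this thread, as an added example that is not part of either message and is not OpenSSL code: the master-secret derivation from RFC 5246 (TLS 1.2 PRF with HMAC-SHA256; TLS 1.0 uses an MD5/SHA-1 PRF over the same inputs). The function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """PRF(pre_master, "master secret", client_random + server_random), 48 bytes."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms are 32 bytes each")
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)


def endpoints_agree(client_view, server_view) -> bool:
    """True when both sides derive the same master secret from their own
    (pre_master, client_random, server_random) view of the handshake."""
    return hmac.compare_digest(master_secret(*client_view), master_secret(*server_view))


# Constructed sample values (not captured traffic).
# With kRSA the pre-master secret is 2 version bytes + 46 bytes chosen by the client.
PRE_MASTER = b"\x03\x03" + bytes(range(46))
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32
# The value a server would hold if the client hello random had been replaced in transit.
ALTERED_CLIENT_RANDOM = bytes([0x33]) * 32

if __name__ == "__main__":
    original = (PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    altered = (PRE_MASTER, ALTERED_CLIENT_RANDOM, SERVER_RANDOM)
    print("identical randoms  ->", endpoints_agree(original, original))
    print("one random altered ->", endpoints_agree(original, altered))
```

With the same pre-master secret, the two sides agree only when both hello randoms match byte for byte, which is the condition the reply above attaches to kRSA.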