Hi,
Which version of SSL/TLS are you talking about?
To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2
padding (in case of SSL V2 rollback, that last eight padding bytes are
not random and are set to 0x03 but this special case is detect at the
protocol level).
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
barcaroller wrote:
"Mounir IDRASSI" wrote in message ...
You simply can't guess the padding mode if you don't know it in advance.
Imagine the security consequences if this was possible : it would mean
that an attacker can have information about the clear text without having
access to the private key!!
Okay, but the SSL client uses RSA_public_encrypt() with a padding value that
is unknown to the SSL server, which uses RSA_private_decrypt() later on.
How can the SSL server know in advance what padding mode the SSL client is
going to use?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
