Is there even a way to get the session secret? I mean, it has to be stored in memory somewhere right? I would greatly appreciate anything that anyone can give me since I am completely at wits end with this.
Thanks, Sam On Fri, Aug 13, 2010 at 3:40 PM, Sam Jantz <sjan...@gmail.com> wrote: > To whom it may concern, > > First I have to say that I am sorry for any lack of detail that I post > do to non disclosure agreements, and also I swear that I am not trying to do > anything malicious here. > > That being said, I am looking for a way to recover the agreed upon > session secret key, and also the initialization vector that comes at the end > of the handshake. I need to do this programmaticly, and relatively quickly. > In my program I have the SSL session opbject, and can get at the Master > Key, but I'm a little confused at how the session secret is generated, and > when RSA vs. DH is used. I've read everything I can get a hold of and am > still foggy as to just how this works. I know that it has to happen > somewhere, but just can't figure out where. If someone could > more concisely explain the session secret process to me, I would be > eternally grateful. > All that being said, I look forward to whatever help you can provide. > Thank you in advanced. > > Also, before I forget, I found this ( > http://marc.info/?l=openssl-dev&m=113831859919711) conversation that > sounds like a similar problem, but I couldn't find any information on how to > use the SSL_SESSION_get_ex_data() function (aside from the man page) as > far in as where the arguments would come from. Again, any help would be > greatly appreciated. > > One humbled techno weenie, > Sam > -- > Sam Jantz > Software Engineer > > -- Sam Jantz Software Engineer