On Friday 14 October 2011 07:36 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of nilesh
Sent: Thursday, 13 October, 2011 09:17
[...]
But is there any chance for us to know these values (or at least one of
these values Xa or Xb)? If I host the apache server (for https) on my
machine, is there a specific location where these values are stored or
logged (at least till the time it completes the key calculation)?

Not that I can see.

But if what you really want is to decrypt
(and maybe verify) the connection data:

according to its website Apache mod_ssl can cache SSL session
information, which includes the master_secret, across all forks,
which means it must be accessible to any process under that UID.
This caching is a common practice for servers that (need to be
able to) handle heavy load, and at least most web browsers.

I don't see the format documented, but it's open source
so if nothing else you should be able to read that.

The master_secret, plus the two Hello.random (always
in clear for a connection-initial handshake), are
sufficient to decrypt and/or verify connection data,
regardless of the key exchange method.

Thanks for this info. I have just now referred to it and it says -
"This cache is an optional facility which speeds up parallel request processing".
So it is not 100% available (getting hold of cache to fetch master secret).
And I think besides this there is no other way. Thank you for the pointer.

--
Thanks,
Nilesh
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
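
The point made in the thread, that the master_secret plus the two Hello.random values determine the record keys whatever the key exchange was, shown as an added example (not part of the original messages and not OpenSSL or mod_ssl code). It assumes the TLS 1.2 PRF from RFC 5246 and an AES-128-CBC/HMAC-SHA1 suite; all input values are constructed.

```python
import hashlib
import hmac
from collections import namedtuple

KeyBlock = namedtuple(
    "KeyBlock",
    "client_mac server_mac client_key server_key client_iv server_iv")


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_key_block(master_secret, client_random, server_random,
                     mac_len=20, key_len=16, iv_len=0):
    """Split the TLS 1.2 key block into per-direction record keys.

    Defaults are an assumption: AES-128-CBC with HMAC-SHA1 under TLS 1.2,
    where no fixed IV is taken from the key block.
    """
    if len(master_secret) != 48:
        raise ValueError("master_secret must be 48 bytes")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("Hello randoms must be 32 bytes each")
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    # Key expansion seeds with the server random first, then the client random.
    block = prf(master_secret, b"key expansion",
                server_random + client_random, sum(sizes))
    parts, pos = [], 0
    for n in sizes:
        parts.append(block[pos:pos + n])
        pos += n
    return KeyBlock(*parts)


# Constructed sample values, not taken from any real session.
SAMPLE_MASTER = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x01" * 32
SAMPLE_SERVER_RANDOM = b"\x02" * 32
```

TLS 1.0 and 1.1 use the older MD5/SHA-1 PRF, and suites defined with SHA-384 use P_SHA384, so the hash has to match the negotiated version and cipher suite.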
