[openssl-users] Doubt regarding ExtendedMasterSecret
Stiju Easo
stiju.easo at gmail.com
Sun Apr 30 18:51:58 UTC 2017
Hi,
I got the answer to this, and now the question looks a bit stupid.
Generation of the master key is different in the case of "Extended Master
Secret".
I still have a doubt: what would be the contents of SSL*
s->s3->handshake_buffer?
I need to manually set this for my tool. I assume it holds both client
and server handshakes, am I right?
If I am right, in OpenSSL I just need to populate
s3->handshake_buffer and set flags to s->session->flags &
SSL_SESS_FLAG_EXTMS.
The only unknown thing I have is s3->handshake_buffer: what value to copy
there.
Regards
Stiju
On Fri, Apr 28, 2017 at 10:35 PM, Stiju Easo <stiju.easo at gmail.com> wrote:
> Hi,
>
>
> I had a tool similar to SSLDump, which could decrypt SSL traffic (like
> Man in Middle).
> For this, I used to copy the needed data to SSL* and used to call
> tls1_enc/ssl3_enc to decrypt data.
> Everything used to work fine until extended master secret came up in
> the SSL header,
> even if it has an empty value (just the placeholder) as in the pic attached.
> [image: Inline image 1]
> The SSL decryption failed, with -1 error from tls1_enc
> "-1: if the record's padding/AEAD-authenticator is invalid or, if
> sending,
> an internal error occurred."
> On further debugging, the failure happens in EVP_Cipher().
>
> I tried OpenSSL1.1 and OpenSSL1.0.2; both have the same behavior.
>
> The doubt I have is
> 1) If I have the Extended Master Secret Extension type (with value 0) in
> my data, should I need to set something to SSL context so that.
> 2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use the value
> appearing in ExtendedMasterSecret? I just want to ignore whatever is
> appearing in the header as of now. For this, will 1.0.2 do, given I
> resolve item (1)
>
>
> --
>
>
> Stiju Easo
>
>
> The unexamined life is not worth living for man.
> Socrates, in Plato, Dialogues, Apology
> Greek philosopher in Athens (469 BC - 399 BC)
>
>
--
Stiju Easo
The unexamined life is not worth living for man.
Socrates, in Plato, Dialogues, Apology
Greek philosopher in Athens (469 BC - 399 BC)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 8727 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170501/f7cb467a/attachment-0001.png>
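
Added example, not part of the original post and not OpenSSL code: the two TLS 1.2 master-secret derivations side by side, following RFC 5246 and RFC 7627, to show why a passive decryptor that ignores the extension derives the wrong keys. With the extension negotiated, the seed is a hash over the handshake messages from ClientHello through ClientKeyExchange (handshake headers included, record headers excluded). The function names and all sample values are constructed for illustration, and a cipher suite whose PRF hash is SHA-256 is assumed.

```python
import hashlib
import hmac

CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11
SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE, FINISHED = 14, 16, 20

def p_hash(secret, seed, length, digest=hashlib.sha256):
    """P_hash expansion from RFC 5246 section 5."""
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()              # A(i)
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def handshake_message(msg_type, body):
    """Type byte + 24-bit length + body. The TLS record header is not included."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def session_hash(messages, digest=hashlib.sha256):
    """Hash ClientHello through ClientKeyExchange inclusive (RFC 7627 section 3)."""
    h = digest()
    for msg_type, body in messages:
        h.update(handshake_message(msg_type, body))
        if msg_type == CLIENT_KEY_EXCHANGE:
            return h.digest()
    raise ValueError("transcript has no ClientKeyExchange")

def master_secret(pms, client_random, server_random, messages, extms):
    """48-byte master secret, with or without extended_master_secret."""
    if extms:
        seed = b"extended master secret" + session_hash(messages)
    else:
        seed = b"master secret" + client_random + server_random
    return p_hash(pms, seed, 48)

# Constructed sample values, not taken from any real capture.
PMS = b"\x03\x03" + bytes(46)
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
SAMPLE = [
    (CLIENT_HELLO, b"\x03\x03" + CLIENT_RANDOM + b"constructed-client-hello"),
    (SERVER_HELLO, b"\x03\x03" + SERVER_RANDOM + b"constructed-server-hello"),
    (CERTIFICATE, b"constructed-certificate"),
    (SERVER_HELLO_DONE, b""),
    (CLIENT_KEY_EXCHANGE, b"constructed-encrypted-pms"),
    (FINISHED, b"constructed-finished"),  # after ClientKeyExchange: not hashed
]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM, SAMPLE, flag).hex())
```
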