[openssl-users] May I ask you about the master-key in openssl s_client command result?

Stiju Easo stiju.easo at gmail.com
Thu Sep 27 05:01:39 UTC 2018


Hi,

  Just an info, may not be relevant.
  If extended master secret is enabled (by default on all browsers
  nowadays),
  the computation of master secret is different.

https://tools.ietf.org/html/rfc7627#section-4

On Thu, Sep 27, 2018 at 7:25 AM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

>
>
> > On Sep 26, 2018, at 9:19 PM, 이영주 <shinejaekal at naver.com> wrote:
> >
> > I wonder why master-key is revealed in plaintext in the results below.
> > (used command : Openssl s_client -connect host:port)
>
> Because s_client is a debugging tool, and a source of example code
> that demonstrates many elaborate features of the API from which you
> can pick and choose the functions that are useful to you.  The s_client
> command is NOT designed to be used for any non-diagnostic purposes.
>
> > Does it matter if the master key is exposed in plaintext?
>
> That's a feature.  You can check when using s_server that both computed
> the same key.
>
> > And I wonder what role this master key plays.
>
>   https://tools.ietf.org/html/rfc5246#section-8.1
>   https://tools.ietf.org/html/rfc5246#appendix-A.6
>   https://tools.ietf.org/html/rfc5246#section-6.3
>   https://tools.ietf.org/html/rfc5246#section-7.4.9
>   https://tools.ietf.org/html/rfc5246#appendix-F.1.1
>   https://tools.ietf.org/html/rfc5246#appendix-F.1.4
>   https://tools.ietf.org/html/rfc5246#appendix-F.2
>
> --
>         Viktor.
>


-- 


          Stiju Easo


 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)
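
The difference mentioned in this message, as an added example (not part of the original post and not OpenSSL code): the TLS 1.2 master secret from RFC 5246 section 8.1 next to the extended master secret from RFC 7627 section 4. It assumes a cipher suite whose PRF uses SHA-256; the pre-master secret, randoms and transcript bytes are constructed sample values.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, "sha256").digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, "sha256").digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # RFC 5246 section 8.1: only the two randoms are mixed in.
    return prf(pms, b"master secret", client_random + server_random, 48)

def extended_master_secret(pms: bytes, handshake_messages: bytes) -> bytes:
    # RFC 7627 section 4: the seed is session_hash, a hash of the handshake
    # messages up to and including ClientKeyExchange.
    session_hash = hashlib.sha256(handshake_messages).digest()
    return prf(pms, b"extended master secret", session_hash, 48)

# Constructed sample values, not taken from a real handshake.
PMS = bytes(range(48))
CR, SR = b"\x01" * 32, b"\x02" * 32
TRANSCRIPT_A = b"ClientHello|ServerHello|Certificate(A)|ClientKeyExchange"
TRANSCRIPT_B = b"ClientHello|ServerHello|Certificate(B)|ClientKeyExchange"

def compare() -> dict:
    """Derive both kinds of master secret for two transcripts that share
    the same pre-master secret and randoms but differ in one message."""
    return {
        "ms_a": master_secret(PMS, CR, SR),
        "ms_b": master_secret(PMS, CR, SR),
        "ems_a": extended_master_secret(PMS, TRANSCRIPT_A),
        "ems_b": extended_master_secret(PMS, TRANSCRIPT_B),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value.hex()}")
```

The classic derivation yields the same 48 bytes for both transcripts, while the extended derivation changes whenever any handshake message changes.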