<div dir="ltr">Hi,<div><br></div><div> I got the answer to this, and now the question looks a bit stupid.</div><div> Generation of master key is different in case of "Extended Master Secret".</div><div> </div><div> I still have a doubt, what would be the contents in SSL* s->s3->handshake_buffer?</div><div> I need to manually set this for my tool, I assume it holds both client and server handshakes, am I right?</div><div><br></div><div><br></div><div> If I am right, in OpenSSL, I just need to populate s3->handshake_buffer and set flags to s->session->flags & SSL_SESS_FLAG_EXTMS.</div><div> The only unknown thing I have is s3->handshake_buffer, what value to copy there.</div><div><br></div><div> </div><div>Regards</div><div>Stiju</div><div><br></div><div> </div><div> </div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 28, 2017 at 10:35 PM, Stiju Easo <span dir="ltr"><<a href="mailto:stiju.easo@gmail.com" target="_blank">stiju.easo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div><br></div><div> I had a tool similar to SSLDump, which could decrypt SSL traffic (like Man in Middle).</div><div> For this, I used to copy needed data to SSL* and used to call tls1_enc/ssl3_enc to decrypt data.</div><div> Everything used to work fine until extended master secret came up in SSL header, </div><div> even if it has empty value (just the placeholder) as in pic attached.</div><div><img src="cid:ii_15bb4b40d8d504bf" alt="Inline image 1" width="358" height="108"><br></div><div> The SSL decryption failed, with -1 error from tls1_enc</div><div> "-1: if the record's padding/AEAD-authenticator is invalid or, if sending,</div><div> an internal error occurred."</div><div> On further debugging, failure happens in EVP_Cipher().</div><div> </div><div> I tried OpenSSL1.1 and OpenSSL1.0.2, both have the same behavior. 
</div><div> </div><div> The doubt I have is </div><div> 1) if I have Extended Master Secret Extension type (with value 0) in my data, should I need to set something to SSL context so that.</div><div> 2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value appearing in ExtendedMasterSecret? I just want to ignore whatever is appearing in the header as of now. For this, will 1.0.2 do, given I resolve item (1)</div><span class="HOEnZb"><font color="#888888"><div><br></div><div><div><br></div>-- <br><div class="m_-8752260143803114793gmail_signature"><br> Stiju Easo<br><br> <br> The unexamined life is not worth living for man.<br> Socrates, in Plato, Dialogues, Apology<br> Greek philosopher in Athens (469 BC - 399 BC)<br><br></div>
</div></font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><br> Stiju Easo<br><br> <br> The unexamined life is not worth living for man.<br> Socrates, in Plato, Dialogues, Apology<br> Greek philosopher in Athens (469 BC - 399 BC)<br><br></div>
</div>
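An added example, not part of the original message and not OpenSSL code: the classic master-secret derivation (RFC 5246) next to the Extended Master Secret derivation (RFC 7627), which is the difference the message refers to. It assumes TLS 1.2 with a SHA-256 PRF cipher suite; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

EXT_EXTENDED_MASTER_SECRET = 0x0017  # extension type 23, RFC 7627

def prf_sha256(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5) built on P_SHA256."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def hs_msg(msg_type, body):
    """Handshake message as it is hashed: type, 3-byte length, body (no record header)."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def derive_master_secret(pms, client_random, server_random,
                         client_exts, server_exts, transcript):
    """transcript: handshake messages ClientHello..ClientKeyExchange, in wire order."""
    negotiated = (EXT_EXTENDED_MASTER_SECRET in client_exts
                  and EXT_EXTENDED_MASTER_SECRET in server_exts)
    if negotiated:
        # RFC 7627: the seed is a hash of the handshake so far, not the two randoms.
        session_hash = hashlib.sha256(b"".join(transcript)).digest()
        return prf_sha256(pms, b"extended master secret", session_hash, 48)
    return prf_sha256(pms, b"master secret", client_random + server_random, 48)

# Constructed sample values (not a real capture).
PMS = b"\x03\x03" + bytes(46)
CR, SR = bytes(range(32)), bytes(range(32, 64))
TRANSCRIPT = [
    hs_msg(1, b"constructed ClientHello body"),
    hs_msg(2, b"constructed ServerHello body"),
    hs_msg(11, b"constructed Certificate body"),
    hs_msg(14, b""),                                   # ServerHelloDone
    hs_msg(16, b"constructed ClientKeyExchange body"),
]

if __name__ == "__main__":
    classic = derive_master_secret(PMS, CR, SR, [], [], TRANSCRIPT)
    ems = derive_master_secret(PMS, CR, SR, [23], [23], TRANSCRIPT)
    print("classic :", classic.hex())
    print("extended:", ems.hex())
```

Once both hellos carry extension type 23, the two randoms alone no longer determine the master secret; the raw handshake bytes through ClientKeyExchange have to be retained and hashed as well.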