[openssl-users] Doubt regarding ExtendedMasterSecret

Stiju Easo stiju.easo at gmail.com
Fri Apr 28 17:05:42 UTC 2017


   I had a tool similar to SSLDump , which could decrypt SSL traffic (like
Man in Middle).
   for this, I used to copy needed data to SSL* and used to call
tls1_enc/ssl3_enc  to decrypt data.
   Everything used to work fine extended master secret came up in
SSL header,
   even if it has empty value (just the place holder) as in pic attached.
[image: Inline image 1]
   the SSL decryption failed, with -1 error from tls1_enc
        "-1: if the record's padding/AEAD-authenticator is invalid or, if
         an internal error occurred."
   on further debugging failure happens in EVP_Cipher().

   I tried OpenSSL1.1 and OpenSSL1.0.2, both has the same behavior.

   the doubt I have is
   1) if I have Extended Master Secret Extention type (with value 0)  in my
data,  should I need to set something to SSL context so that.
   2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value
appearing in ExtendedMasterSecret?  I just want to ignore wat ever
appearing in the header as of now. for this will 1.0.2 will do, given I
resolve item (1)


          Stiju Easo

 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/c52133d3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 8727 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170428/c52133d3/attachment.png>

More information about the openssl-users mailing list