[openssl-users] May I ask you about the master-key in openssl s_client command result?
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Sep 27 01:55:02 UTC 2018
> On Sep 26, 2018, at 9:19 PM, 이영주 <shinejaekal at naver.com> wrote:
>
> I wonder why master-key is revealed in plaintext in the results below.
> (used command : Openssl s_client -connect host:port)
Because s_client is a debugging tool, and a source of example code
that demonstrates many elaborate features of the API from which you
can pic and chose the functions that are useful to you. The s_client
command is NOT designed to be used for any non-diagnostic purposes.
> Does it matter if the master key is exposed in plaintext?
That's a feature. You can check when using s_server that both computed
the same key.
> And I wonder what role this master key plays.
https://tools.ietf.org/html/rfc5246#section-8.1
https://tools.ietf.org/html/rfc5246#appendix-A.6
https://tools.ietf.org/html/rfc5246#section-6.3
https://tools.ietf.org/html/rfc5246#section-7.4.9
https://tools.ietf.org/html/rfc5246#appendix-F.1.1
https://tools.ietf.org/html/rfc5246#appendix-F.1.4
https://tools.ietf.org/html/rfc5246#appendix-F.2
--
Viktor.
More information about the openssl-users
mailing list