Hello all, Sorry for this bandwidth. I cudn't find answers on the openssl users list.
I needed some help on how to verify the client finished handshake message. I get a encrypted client finished message on the server(java based). The negotiated cipher suite is TLS_RSA_WITH_RC4_128_MD5 Using the rc4 cipher and the "client write key" I am able to decrypt the message Decrypted message ***************** " 20 0 0 12 35 -44 66 13 -3 97 -2 68 57 -33 124 13 -49 93 20 -61 -78 -22 -111 -87 110 -88 -86 -127 -32 -56 -62 105 " The last 16 bytes are the MAC. Could someone tell me how do I verify this MAC? I've read the section 6.2.3 of the RFC 2246 , but still can't figure it out. Do I create the HMAC_MD5 of the entire TLS record,starting from content type(22)? Regards, Avinash ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
