DALE REAMER wrote:
I should explain further. The client is using openssl, the server is on
firmwware and cannot use openssl. The server developer has rc4 code and we want
to verify the encryption phase after the handshake phase. If I could give him
separately(offline) the session secret he could verify the server rc4
encryption/decryption is correct, (again offline).
I find nothing for the session secret key, the closest is the
write_mac_secret and read_mac_secret members of s3. That secret should be
somewhere I could grab it with Visual C++.
ssldump does a decryption if you give it the private RSA key; i don't
remember whether it also displays the session secret key, but with the
source of ssldump you can it modify to do it anyway.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
