> Frederic Evrard wrote: >> I'm using open-ssl to do EAP-TLS authentication, then I've a question >> about something strange for me. >> When you want to use TLS to mount an encrypted tunnel, you need a >> session >> key, but in authentication you only need certificate checking ?? Why >> generate pre-master-key, master-key, etc... if datas aren't crypted >> after >> authentication. Is it just to respect the protocol ? > > For computing the HMACs keys are needed, therefore you need the > pre-master-key etc. in any case. > Ciao, > Richard
Ok thanks, and this HMACs keys are used to forge TLS Record Layer : Hanshake Protocol : Encrypted Hanshake Message HMACs(shared secret+DAta). Is it used to control integrity of the TLS Handshake packet ? Fred. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]