Hi Marek: I asked you last week: > I have to interface with a client running > TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means: >.......... > Please very my thought is correctly . DH is not involved at all ??? I > always think that DH have to be involved when using symmetric key.
You answered >Yes, in this case DH is not used. I have a problem with what to do with Ephemeral keying. In openssl, It seem to me that I have two choices to use Ephemeral keying: temporary RSA keys or Diffie_Hellman (DH) key agreement. For temporary RSA keys, using something like: SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_EPHEMERAL_RSA) RSA *rsa; > > rsa=RSA_generate_key(512,RSA_F4,NULL,NULL); > > if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){ > > ExitPostmaster(1); > > } > > RSA_free(rsa); For Diffie_Hellman (DH) , using something like: SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE) SSL_CTX_set_tmp_dh_calback(...); I can not use Diffie_Hellman (DH) key agreement because my TLS_RSA_WITH_3DES_EDE_CBC_SHA1 requirement. I can implement this but it does not help because the DH is not used in this case. I can not use temporary RSA keys because of: >Temporary RSA keys are only used in some export ciphersuites which are now obsolete. The use of ephemeral > RSA keys actually violates the standards in that particular ciphersuite. What else can I do to implement Ephemeral keying ??? Please help. I have limited knowledge in this openssl. Thank You TD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Thursday, March 15, 2007 14:03 To: openssl-users@openssl.org Subject: RE: Root Certificates dir Hello, > I have to interface with a client running > TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means: > > 1) Authentification with RSA > 2) Key exchange RSA > 3) Encrytion 3DES_EDE_CBC > 4) Digest SHA1 I agree. > My question is how do they get Key exchange if they not using DH ?? > Another thought is that: > 1)Client will send Random number in ClientHello. > 2)Server will response with another Random in ServerHello. > 3) Client send PreMaster Secret encrypt with Server's public key. > 4) This PreMaster Secret is used to encrypt data Yes, pre_master_secret (48 bytes) is generated on client with PRNG (to be more specific, first two bytes of this pre_master_secret should be protocol version, eg. 0x0300 for SSL3 and next 46 bytes should be random data). client_random and server_random are generated on client and server and are 32 bytes long with first four bytes created from actual time and 28 bytes from PRNG (this may differ when SSL2 client_hello is sent to SSL3/TLS1 server). Pre_master_secret encrypted on client is sent to server and decrypted. Based on this data (pre_master_secret, client_random and server_random) both sides generate so called key_material with special algorithms (using mostly MD5/SHA1 and XOR). Key_material may be any size, something like PRNG algorithms. Next key_material is used as keys to symmetric encryption algorithms (des/aes) and digest functions (sha1/md5/hmac). > Please very my thought is correctly . DH is not involved at all ??? I > always think that DH have to be involved when using symmetric key. Yes, in this case DH is not used. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]