Hi Marek:
I asked you last week:
> I have to interface with a client running
> TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means:
>..........
> Please very my thought is correctly . DH is not involved at all ??? I
> always think that DH have to be involved when using symmetric key.
You answered
>Yes, in this case DH is not used.
I have a problem with what to do with Ephemeral keying. In openssl, It
seem to me that I have two choices to use Ephemeral keying: temporary
RSA keys or Diffie_Hellman (DH) key agreement.
For temporary RSA keys, using something like:
SSL_CTX_set_options(ctx,
SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_EPHEMERAL_RSA)
RSA *rsa;
> > rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
> > if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
> > ExitPostmaster(1);
> > }
> > RSA_free(rsa);
For Diffie_Hellman (DH) , using something like:
SSL_CTX_set_options(ctx,
SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE)
SSL_CTX_set_tmp_dh_calback(...);
I can not use Diffie_Hellman (DH) key agreement because my
TLS_RSA_WITH_3DES_EDE_CBC_SHA1 requirement. I can implement this but it
does not help because the DH is not used in this case.
I can not use temporary RSA keys because of:
>Temporary RSA keys are only used in some export ciphersuites which are
now obsolete. The use of ephemeral
> RSA keys actually violates the standards in that particular
ciphersuite.
What else can I do to implement Ephemeral keying ??? Please help. I have
limited knowledge in this openssl.
Thank You
TD
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Thursday, March 15, 2007 14:03
To: openssl-users@openssl.org
Subject: RE: Root Certificates dir
Hello,
> I have to interface with a client running
> TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means:
>
> 1) Authentification with RSA
> 2) Key exchange RSA
> 3) Encrytion 3DES_EDE_CBC
> 4) Digest SHA1
I agree.
> My question is how do they get Key exchange if they not using DH ??
> Another thought is that:
> 1)Client will send Random number in ClientHello.
> 2)Server will response with another Random in ServerHello.
> 3) Client send PreMaster Secret encrypt with Server's public key.
> 4) This PreMaster Secret is used to encrypt data
Yes, pre_master_secret (48 bytes) is generated on client with PRNG (to
be more specific, first two bytes of this pre_master_secret should be
protocol version, eg. 0x0300 for SSL3 and next 46 bytes should be random
data). client_random and server_random are generated on client and
server and are 32 bytes long with first four bytes created from actual
time and 28 bytes from PRNG (this may differ when SSL2 client_hello is
sent to SSL3/TLS1 server).
Pre_master_secret encrypted on client is sent to server and decrypted.
Based on this data (pre_master_secret, client_random and server_random)
both sides generate so called key_material with special algorithms
(using mostly MD5/SHA1 and XOR). Key_material may be any size, something
like PRNG algorithms.
Next key_material is used as keys to symmetric encryption algorithms
(des/aes) and digest functions (sha1/md5/hmac).
> Please very my thought is correctly . DH is not involved at all ??? I
> always think that DH have to be involved when using symmetric key.
Yes, in this case DH is not used.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
