> From: owner-openssl-us...@openssl.org On Behalf Of Michael D
> Sent: Friday, 25 September, 2009 09:32

> Thank you for your reply.
> Maybe we can drill down on the client key exchange message first.
> Looking at the rfc I see it should hold:
> ECPoint ecdh_Yc;
>
> But for the prime192 curve, I would have expected an
> uncompressed point to be only 48 bytes.
>
> The size of the client key exchange message is 66 bytes.
>
> What is in the remaining bytes?
>

First, a caveat: I set up a test to verify my understanding, and found (to my surprise) that s_server at least doesn't try to use the same curve for kECDHE as for aECDSA; it's a separate choice, and defaults to sectp163r2. Are you sure either your server or your client is selecting (forcing) prime192r1 for key agreement AS WELL AS signing/authentication?

That said, I get *49* bytes of ECDH data (Yc), plus a 1-byte length prefix totalling 50, in a ClientKeyExchange message totalling 54, in a (clear) handshake record totalling 59. Combined with other records/messages into a TCP segment etc. If that's not what you got, you did something different.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
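
The byte counts in the reply above (49, 50, 54, 59) can be reproduced and checked against a capture with the sketch below; it is an added example, not part of the original message or of OpenSSL. The function names are hypothetical, the sample record is constructed (zero-filled coordinates, TLS 1.0 version bytes), and the parser assumes a cleartext record that holds exactly one ClientKeyExchange.

```python
import struct

def ecdh_cke_sizes(field_bits):
    """Expected byte counts for an uncompressed ECDH point in ClientKeyExchange."""
    flen = (field_bits + 7) // 8      # bytes per coordinate
    point = 1 + 2 * flen              # 0x04 || X || Y
    body = 1 + point                  # 1-byte length prefix of the ECPoint
    handshake = 4 + body              # msg_type(1) + length(3)
    return {"point": point, "body": body,
            "handshake": handshake, "record": 5 + handshake}

def parse_cke_record(rec):
    """Parse one cleartext record holding exactly one ECDH ClientKeyExchange."""
    if len(rec) < 11:
        raise ValueError("too short for record + handshake + point headers")
    ctype, version, rlen = struct.unpack("!BHH", rec[:5])
    frag = rec[5:]
    if ctype != 22 or rlen != len(frag):
        raise ValueError("not a handshake record, or record length mismatch")
    hlen = int.from_bytes(frag[1:4], "big")
    body = frag[4:]
    if frag[0] != 16 or hlen != len(body):
        raise ValueError("not ClientKeyExchange, or handshake length mismatch")
    plen, point = body[0], body[1:]
    if plen != len(point):
        raise ValueError("ECPoint length prefix does not match the data")
    if point[0] == 0x04 and plen % 2 == 1:
        flen = (plen - 1) // 2        # uncompressed: two coordinates
    elif point[0] in (0x02, 0x03):
        flen = plen - 1               # compressed: X coordinate only
    else:
        raise ValueError("unknown point format byte")
    return {"record": len(rec), "handshake": len(frag), "body": len(body),
            "point": plen, "field_bytes": flen, "version": hex(version)}

def build_sample(field_bytes):
    """Constructed sample: zero-filled coordinates, TLS 1.0 record version."""
    point = b"\x04" + bytes(2 * field_bytes)
    body = bytes([len(point)]) + point
    msg = b"\x10" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(msg).to_bytes(2, "big") + msg

if __name__ == "__main__":
    print(ecdh_cke_sizes(192))
    print(parse_cke_record(build_sample(24)))
```

The `field_bytes` value recovered from a captured message shows which field size the key-agreement curve actually uses, independent of the curve in the signing certificate.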