Dave,

Thank you very much for your efforts. I must be doing something incorrect, as today I tried to re-run what I had done before, and the Linux PC running the s_client crashes processing the certificate. I am running snapshot builds.

If you don't mind me pestering a bit more, how did you run the test?

Thanks, I appreciate your help.

Mike

--- On Mon, 9/28/09, Dave Thompson <dave.thomp...@princetonpayments.com> wrote:

> From: Dave Thompson <dave.thomp...@princetonpayments.com>
> Subject: RE: trying to understand ECDHE operations
> To: openssl-users@openssl.org
> Date: Monday, September 28, 2009, 7:16 PM
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Michael D
> > Sent: Friday, 25 September, 2009 09:32
> >
> > Thank you for your reply.
> > Maybe we can drill down on the client key exchange message first.
> > Looking at the rfc I see it should hold:
> > ECPoint ecdh_Yc;
> >
> > But for the prime192 curve, I would have expected an
> > uncompressed point to be only 48 bytes.
> >
> > The size of the client key exchange message is 66 bytes.
> >
> > What is in the remaining bytes?
> >
> First, a caveat: I set up a test to verify my understanding,
> and found (to my surprise) that s_server at least doesn't try
> to use the same curve for kECDHE as for aECDSA; it's a separate
> choice, and defaults to sectp163r2. Are you sure either your
> server or your client is selecting (forcing) prime192r1 for
> keyagreement AS WELL AS signing/authentication?
>
> That said, I get *49* bytes of ECDH data (Yc), plus a 1-byte
> length prefix totalling 50, in a ClientKeyExchange message
> totalling 54, in a (clear) handshake record totalling 59.
> Combined with other records/messages into a TCP segment etc.
>
> If that's not what you got, you did something different.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
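The byte counts quoted in the thread (49, 50, 54, 59) follow from the layering of a cleartext ECDHE ClientKeyExchange: a 5-byte record header, a 4-byte handshake header, a 1-byte ECPoint length, and a point that in uncompressed form carries a leading 0x04 byte ahead of the two coordinates. The sketch below is an added example, not code from the thread or from OpenSSL; the function names are hypothetical, the sample point is constructed filler, and it assumes one complete handshake message per record.

```python
import struct

HANDSHAKE = 22            # TLS record content type
CLIENT_KEY_EXCHANGE = 16  # handshake message type

def build_record(point: bytes, version=(3, 1)) -> bytes:
    """Wrap an encoded EC point in ClientKeyExchange, handshake and record headers."""
    body = bytes([len(point)]) + point                 # 1-byte length prefix
    msg = bytes([CLIENT_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, *version, len(msg)) + msg

def parse_record(record: bytes) -> dict:
    """Break a cleartext ECDHE ClientKeyExchange record into its layers."""
    if len(record) < 10:
        raise ValueError("too short for record + handshake headers + point length")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    msg = record[5:]
    if ctype != HANDSHAKE or rec_len != len(msg):
        raise ValueError("not a single complete handshake record")
    body = msg[4:]
    if msg[0] != CLIENT_KEY_EXCHANGE or int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("not a single complete ClientKeyExchange message")
    point = body[1:]
    if body[0] != len(point) or not point:
        raise ValueError("ECPoint length prefix does not match the data")
    form = point[0]
    if form == 0x04 and len(point) % 2 == 1:   # uncompressed: 04 || X || Y
        coord = (len(point) - 1) // 2
    elif form in (0x02, 0x03):                 # compressed: 02/03 || X
        coord = len(point) - 1
    else:
        raise ValueError("unrecognised point encoding")
    return {"record": len(record), "message": len(msg), "body": len(body),
            "point": len(point), "form": form, "coordinate": coord}

# Constructed sample: placeholder point with 24-byte coordinates (192-bit field).
# The coordinate bytes are filler, not a real point on any curve.
SAMPLE = build_record(b"\x04" + b"\x11" * 24 + b"\x22" * 24)

if __name__ == "__main__":
    for name, value in parse_record(SAMPLE).items():
        print(f"{name:>10}: {value}")
```

The `coordinate` value gives the field-element size in bytes, which is a quick way to tell from a capture which curve size was actually negotiated for key agreement.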