Ok, I reran my tests again...This time I added the -named_curve parameter...and do indeed get 50 byte key for the prime192v1 curve.
However, if I run the server with my certificate and key, the client crashes processing the certificate. One more question. If the public key is in the certificate, why does the server send a server key exchange? Thank you everybody for your help. -Mike --- On Tue, 9/29/09, Michael D <bsd_m...@yahoo.com> wrote: > From: Michael D <bsd_m...@yahoo.com> > Subject: RE: trying to understand ECDHE operations > To: openssl-users@openssl.org > Date: Tuesday, September 29, 2009, 6:52 PM > Dave, > > Thank you very much for your efforts. > I must be doing something incorrect, as today I tried to > re-run > what I had done before, and the Linux PC running the > s_client > crashes processing the certificate. I am running > snapshot > builds. > > If you don't mind me pestering a bit more, how did you run > > the test? > > Thanks, I appreciate your help. > Mike > > > > --- On Mon, 9/28/09, Dave Thompson <dave.thomp...@princetonpayments.com> > wrote: > > > From: Dave Thompson <dave.thomp...@princetonpayments.com> > > Subject: RE: trying to understand ECDHE operations > > To: openssl-users@openssl.org > > Date: Monday, September 28, 2009, 7:16 PM > > > From: owner-openssl-us...@openssl.org > > On Behalf Of Michael D > > > Sent: Friday, 25 September, 2009 09:32 > > > > > Thank you for your reply. > > > Maybe we can drill down on the client key > exchange > > message first. > > > Looking at the rfc I see it should hold: > > > ECPoint ecdh_Yc; > > > > > > But for the prime192 curve, I would have expected > an > > > uncompressed point to be only 48 bytes. > > > > > > The size of the client key exchange message is > 66 > > bytes. > > > > > > What is in the remaining bytes? > > > > > First, a caveat: I set up a test to verify my > > understanding, > > and found (to my surprise) that s_server at least > doesn't > > try > > to use the same curve for kECDHE as for aECDSA; it's > a > > separate > > choice, and defaults to sectp163r2. Are you sure > either > > your > > server or your client is selecting (forcing) > prime192r1 for > > > > keyagreement AS WELL AS signing/authentication? > > > > That said, I get *49* bytes of ECDH data (Yc), plus a > > 1-byte > > length prefix totalling 50, in a ClientKeyExchange > message > > > > totalling 54, in a (clear) handshake record totalling > 59. > > Combined with other records/messages into a TCP > segment > > etc. > > > > If that's not what you got, you did something > different. > > > > > > > > > ______________________________________________________________________ > > OpenSSL Project > > > > http://www.openssl.org > > User Support Mailing List > > openssl-users@openssl.org > > Automated List Manager > > > > majord...@openssl.org > > > ______________________________________________________________________ > OpenSSL Project > > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > > majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
