"Mounir IDRASSI" wrote in message ... > You simply can't guess the padding mode if you don't know it in advance. > Imagine the security consequences if this was possible : it would mean > that an attacker can have information about the clear text without having > access to the private key!!
Okay, but the SSL client uses RSA_public_encrypt() with a padding value that is unknown to the SSL server, which uses RSA_private_decrypt() later on. How can the SSL server know in advance what padding mode the SSL client is going to use? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org