To whom it may concern,
First I have to say that I am sorry for any lack of detail that I post
do to non disclosure agreements, and also I swear that I am not trying to do
anything malicious here.
That being said, I am looking for a way to recover the agreed upon
session secret key, and also the initialization vector that comes at the end
of the handshake. I need to do this programmaticly, and relatively quickly.
In my program I have the SSL session opbject, and can get at the Master
Key, but I'm a little confused at how the session secret is generated, and
when RSA vs. DH is used. I've read everything I can get a hold of and am
still foggy as to just how this works. I know that it has to happen
somewhere, but just can't figure out where. If someone could more concisely
explain the session secret process to me, I would be eternally grateful.
All that being said, I look forward to whatever help you can provide.
Thank you in advanced.
Also, before I forget, I found this (
http://marc.info/?l=openssl-dev&m=113831859919711) conversation that sounds
like a similar problem, but I couldn't find any information on how to use
the SSL_SESSION_get_ex_data() function (aside from the man page) as far in
as where the arguments would come from. Again, any help would be greatly
appreciated.
One humbled techno weenie,
Sam
--
Sam Jantz
Software Engineer
