Is there even a way to get the session secret? I mean, it has to be stored
in memory somewhere right? I would greatly appreciate anything that anyone
can give me since I am completely at wits end with this.
Thanks,
Sam
On Fri, Aug 13, 2010 at 3:40 PM, Sam Jantz wrote:
> To whom it may concern,
>
> First I have to say that I am sorry for any lack of detail that I post
> do to non disclosure agreements, and also I swear that I am not trying to do
> anything malicious here.
>
> That being said, I am looking for a way to recover the agreed upon
> session secret key, and also the initialization vector that comes at the end
> of the handshake. I need to do this programmaticly, and relatively quickly.
> In my program I have the SSL session opbject, and can get at the Master
> Key, but I'm a little confused at how the session secret is generated, and
> when RSA vs. DH is used. I've read everything I can get a hold of and am
> still foggy as to just how this works. I know that it has to happen
> somewhere, but just can't figure out where. If someone could
> more concisely explain the session secret process to me, I would be
> eternally grateful.
> All that being said, I look forward to whatever help you can provide.
> Thank you in advanced.
>
> Also, before I forget, I found this (
> http://marc.info/?l=openssl-dev&m=113831859919711) conversation that
> sounds like a similar problem, but I couldn't find any information on how to
> use the SSL_SESSION_get_ex_data() function (aside from the man page) as
> far in as where the arguments would come from. Again, any help would be
> greatly appreciated.
>
> One humbled techno weenie,
> Sam
> --
> Sam Jantz
> Software Engineer
>
>
--
Sam Jantz
Software Engineer
