Jeffrey Altman <[EMAIL PROTECTED]>:
>>> TLS_CHECKSUM_DATA ::= SEQUENCE {
>>>     authentication-type-pair  OCTET STRING,  -- 2 bytes
>>>     SSLversion                INTEGER,       -- SSL version number
>>>     Cipher                    OCTET STRING,  -- the 3 byte cipher ID
>>>     Session_ID                OCTET STRING,  -- the Session ID
>>>     Master_key                OCTET STRING   -- the master key
>>> }
>> This is not secure. The master secret is derived from data
>> transmitted in clear and the premaster secret, which is just the
>> result of the DH exchange, which *can* be influenced by an attacker in
>> a way such that the client and server agree on its value and the
>> attacker knows it too.
> Do you have another suggestion?
> Is there anyway to do this which does not require the use of
> signed certificates?
If you include hashes of the DH *shares*, as opposed to the *result*
of the DH exchange, then you avoid the protocol weakness.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
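Added illustration, not part of the thread above: a toy Python simulation of the point made in the reply. A man-in-the-middle who replaces both DH shares with the group identity forces client and server onto a shared secret (1) that the attacker also knows, so a checksum bound only to the DH result (the master-key-like value) still agrees on both ends; a checksum bound to the shares each side saw does not. The group parameters, the transcript bytes standing in for the cleartext fields, and all function names are assumptions made for the demo, and the checksum is assumed to travel under separate protection (as a Kerberos checksum would) so the attacker can alter the shares but not the checksum itself.

```python
"""Toy demo (constructed for this thread, not OpenSSL or Kerberos code):
binding a DH-authenticated channel to the *result* of the exchange versus
binding it to the DH *shares*."""
import hashlib
import hmac
import secrets

# Toy group, chosen only so the arithmetic is cheap.  P is prime, but P-1
# has many small factors, so this group is NOT secure for real use.
P = 2**127 - 1
G = 3
SHARE_LEN = 16                      # P < 2**128, so 16 bytes is enough


def dh_keypair():
    """Return (private exponent, public share g^x mod p)."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def i2b(n):
    return n.to_bytes(SHARE_LEN, "big")


def checksum_over_result(shared_secret, transcript):
    """Checksum over the cleartext fields plus the DH result only
    (the shape of the quoted TLS_CHECKSUM_DATA)."""
    return hashlib.sha256(transcript + i2b(shared_secret)).digest()


def checksum_over_shares(client_share, server_share, transcript):
    """Checksum over the cleartext fields plus both DH shares as this
    side saw them (the fix suggested in the reply)."""
    return hashlib.sha256(transcript + i2b(client_share) + i2b(server_share)).digest()


def run_exchange(bind_shares, mitm):
    """Simulate one handshake.

    Returns (check_passed, client_secret, server_secret).  With mitm=True
    the attacker substitutes the identity element for both shares; a
    classic substitution with the attacker's own share g^m would leave the
    two sides with different secrets (g^am vs g^bm) and fail either check,
    which is why the degenerate share is the interesting case.
    """
    a, A = dh_keypair()             # client
    b, B = dh_keypair()             # server
    A_seen_by_server, B_seen_by_client = A, B
    if mitm:
        A_seen_by_server = 1
        B_seen_by_client = 1

    client_secret = pow(B_seen_by_client, a, P)   # 1 when mitm
    server_secret = pow(A_seen_by_server, b, P)   # 1 when mitm

    # Stands in for authentication-type-pair, SSLversion, Cipher, Session_ID,
    # all of which are sent in the clear anyway.  Constructed sample value.
    transcript = b"auth=0001|version=0301|cipher=000004|session=" + bytes(32)

    if bind_shares:
        c = checksum_over_shares(A, B_seen_by_client, transcript)
        s = checksum_over_shares(A_seen_by_server, B, transcript)
    else:
        c = checksum_over_result(client_secret, transcript)
        s = checksum_over_result(server_secret, transcript)

    # The checksum itself is assumed to be integrity-protected in transit,
    # so the check passes exactly when both sides computed the same bytes.
    return hmac.compare_digest(c, s), client_secret, server_secret


def attacker_knows_secret(client_secret, server_secret):
    """The attacker who forced both shares to 1 can predict the result."""
    return client_secret == server_secret == 1


if __name__ == "__main__":
    for bind_shares in (False, True):
        ok, cs, ss = run_exchange(bind_shares, mitm=True)
        print(f"bind_shares={bind_shares}: check passed={ok}, "
              f"attacker knows secret={attacker_knows_secret(cs, ss)}")
```

Run as-is it prints that the result-bound checksum passes under the attack while the share-bound one fails; without the attacker (`mitm=False`) both variants pass, which is the behaviour the reply relies on: hashing the shares costs nothing in the honest case and removes the attacker's ability to steer both parties onto a secret of the attacker's choosing.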