Hi All (esp SSL protocol experts). Please help me to understand
something!

In short
--------
What triggers the key exchange during an SSL transaction?

Background
----------
When I hit the s_server app with some clients/web browsers, I get this
normal happy output (courtesy of the -state s_server option):
(line numbers added for clarity)

    1: SSL_accept:before/accept initialization
    2: SSL_accept:SSLv3 read client hello A
    3: SSL_accept:SSLv3 write server hello A
    4: SSL_accept:SSLv3 write certificate A
    5: SSL_accept:SSLv3 write server done A
    6: SSL_accept:SSLv3 flush data
    7: SSL_accept:SSLv3 read client key exchange A
    8: SSL_accept:SSLv3 read finished A
    9: SSL_accept:SSLv3 write change cipher spec A
    10: SSL_accept:SSLv3 write finished A
    11: SSL_accept:SSLv3 flush data

...yet with other clients I get these additional entries:

    4: SSL_accept:SSLv3 write certificate A
    -> Generating temp (512 bit) RSA key...
    -> SSL_accept:SSLv3 write key exchange A
    5: SSL_accept:SSLv3 write server done A

...or sometimes just this extra key exchange message:

    4: SSL_accept:SSLv3 write certificate A
    -> SSL_accept:SSLv3 write key exchange A
    5: SSL_accept:SSLv3 write server done A

Why do I care? Well, this/these extra protocol step(s) cause(s) an extra
512 bit RSA public key operation to occur, which equates to a 50% slowdown
on a 1024 bit key-based transaction.

Hopefully, this is a matter of a mismatched cert on the client. Can some
helpful SSL protocol expert please help shed light on this?

Thanks a ton in advance,
--matt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
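
To find out which connections take the extra step, the -state output quoted in the post can be split per handshake and tallied. The script below is an added example, not part of the original post or of OpenSSL; the sample trace is constructed from the three shapes the post shows, and the function names and labels ("plain", "ske", "ske+tempkey") are hypothetical.

```python
import re
from collections import Counter

START = "SSL_accept:before/accept initialization"
TEMP_KEY = re.compile(r"Generating temp \((\d+) bit\) RSA key")
# Strips the "4: " and "-> " annotations the post added to its excerpts.
PREFIX = re.compile(r"^\s*(?:\d+:|->)\s*")

def split_handshakes(text):
    """Group -state lines into one list per handshake."""
    sessions = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line == START:
            sessions.append([])
        if line and sessions:  # skip blanks and anything before the first handshake
            sessions[-1].append(line)
    return sessions

def classify(lines):
    """Label one handshake by the extra server-side steps it contains."""
    ske = any(l.endswith("write key exchange A") for l in lines)
    temp = next((int(m.group(1)) for l in lines if (m := TEMP_KEY.search(l))), None)
    kind = "ske+tempkey" if ske and temp else "ske" if ske else "plain"
    return {"kind": kind, "temp_bits": temp,
            "complete": any(l.endswith("write finished A") for l in lines)}

def _sample(extra):
    # Constructed input: the post's normal trace with optional extra lines.
    head = [START, "SSL_accept:SSLv3 read client hello A",
            "SSL_accept:SSLv3 write server hello A",
            "SSL_accept:SSLv3 write certificate A"]
    tail = ["SSL_accept:SSLv3 write server done A", "SSL_accept:SSLv3 flush data",
            "SSL_accept:SSLv3 read client key exchange A",
            "SSL_accept:SSLv3 read finished A",
            "SSL_accept:SSLv3 write change cipher spec A",
            "SSL_accept:SSLv3 write finished A", "SSL_accept:SSLv3 flush data"]
    return head + extra + tail

SAMPLE = "\n".join(_sample([]) + _sample(["SSL_accept:SSLv3 write key exchange A"])
                   + _sample(["Generating temp (512 bit) RSA key...",
                              "SSL_accept:SSLv3 write key exchange A"]))

def tally(text):
    return Counter(classify(s)["kind"] for s in split_handshakes(text))

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
```

Run against a saved s_server log alongside the client list, the tally shows which clients produce the "write key exchange A" step and which also trigger the temporary key generation.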