Hi, I am a network security researcher. We have designed and developed a multifactor authentication and secure key exchange protocol that can counter man in the middle attack. I want to integrate my protocol with SSL on apache. I have written my own protocol for authentication and key exchange. My protocol will be hosted on some port X. User app on client will call our protocol for two way one time password authentication and key exchange. Once user is authenticated and session key is generated, I will write that key to key store of apache. Now I will forward the traffic to port 443 for use of SSL. I dont want to use SSL's handhsake and key exchange protocols since this part is already done by my protocol. Can you please help me regarding how to configure open SSL in apache to stop the use of hanshake layer, that takes care of authentication and key exchange. I still want SSL to change cipher suite and do rest of the normal stuff. Will appreciate your help.
regards, Sid
