> From: owner-openssl-us...@openssl.org On Behalf Of nilesh
> Sent: Thursday, 13 October, 2011 09:17

> I have a query related to decrypting the packets when Diffie-Hellman is
> used for key exchange.
<snip>
> I know wireshark cannot decode these packets, as it will not know the
> random secret generated locally - Xa and Xb.

And any other Eve the same.

> But is there any chance for us to know these values (or at least one of
> these values Xa or Xb)? If I host the apache server (for https) on my
> machine, is there a specific location where these values are stored or
> logged (at least till the time it completes the key calculation)?

Not that I can see. But if what you really want is to decrypt (and maybe
verify) the connection data: according to its website Apache mod_ssl can
cache SSL session information, which includes the master_secret, across
all forks, which means it must be accessible to any process under that
UID. This caching is a common practice for servers that (need to be able
to) handle heavy load, and at least most web browsers. I don't see the
format documented, but it's open source so if nothing else you should be
able to read that.

The master_secret, plus the two Hello.random (always in clear for a
connection-initial handshake), are sufficient to decrypt and/or verify
connection data, regardless of the key exchange method.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
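The following is an added example, not code from the thread, from OpenSSL or from mod_ssl. It works through the reply's closing point for TLS 1.2 (RFC 5246, SHA-256 PRF): once the 48-byte master_secret is known, the two Hello.random values are all that is needed to regenerate the record-layer keys, and the DH exponents Xa/Xb only ever enter through the pre-master secret. It also writes and parses the NSS-style CLIENT_RANDOM key-log line, which is the practical way to hand a recovered master_secret to Wireshark. The cipher-suite key lengths (32-byte MAC key, 32-byte key, 16-byte IV) are assumed to match an AES-256-CBC-SHA256 suite, all byte values are constructed rather than captured, and the mod_ssl session-cache format, which the reply notes is undocumented, is not shown.

```python
# Added example (not from the openssl-users thread, OpenSSL or mod_ssl).
# TLS 1.2 key derivation from master_secret + client/server random, plus the
# CLIENT_RANDOM key-log line Wireshark consumes. All inputs are constructed.
import hashlib
import hmac
from typing import NamedTuple, Tuple


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: HMAC output chained through A(i)."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed), the TLS 1.2 default."""
    return p_hash(secret, label + seed, length)


def master_secret_from_premaster(pre_master: bytes, client_random: bytes,
                                 server_random: bytes) -> bytes:
    """RFC 5246 section 8.1. For DHE the pre_master is the shared DH value; this
    is the only point where Xa/Xb matter, and nothing after it needs them."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


class RecordKeys(NamedTuple):
    client_write_mac_key: bytes
    server_write_mac_key: bytes
    client_write_key: bytes
    server_write_key: bytes
    client_write_iv: bytes
    server_write_iv: bytes


def derive_record_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
                       mac_len: int = 32, key_len: int = 32, iv_len: int = 16) -> RecordKeys:
    """RFC 5246 section 6.3 key expansion. Defaults assume an AES-256-CBC-SHA256
    suite. The seed is server_random + client_random, the reverse of the
    master-secret seed order; swapping them yields plausible but useless keys."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = tls12_prf(master_secret, b"key expansion", server_random + client_random, total)
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    parts, off = [], 0
    for n in sizes:
        parts.append(kb[off:off + n])
        off += n
    return RecordKeys(*parts)


def keylog_line(client_random: bytes, master_secret: bytes) -> str:
    """One line in the NSS key-log format that Wireshark reads for TLS <= 1.2."""
    if len(client_random) != 32 or len(master_secret) != 48:
        raise ValueError("client_random must be 32 bytes, master_secret 48 bytes")
    return f"CLIENT_RANDOM {client_random.hex()} {master_secret.hex()}"


def parse_keylog_line(line: str) -> Tuple[bytes, bytes]:
    """Inverse of keylog_line, with the length checks a loader should perform."""
    label, cr_hex, ms_hex = line.strip().split(" ")
    if label != "CLIENT_RANDOM":
        raise ValueError("unsupported key-log label: " + label)
    cr, ms = bytes.fromhex(cr_hex), bytes.fromhex(ms_hex)
    if len(cr) != 32 or len(ms) != 48:
        raise ValueError("bad field length in CLIENT_RANDOM line")
    return cr, ms


if __name__ == "__main__":
    # Constructed inputs: a stand-in for the DH shared value and two fake randoms.
    pre_master = bytes(range(1, 129))
    client_random = bytes([0x11]) * 32
    server_random = bytes([0x22]) * 32

    ms = master_secret_from_premaster(pre_master, client_random, server_random)
    line = keylog_line(client_random, ms)
    print(line)

    # A party holding only the cached master_secret plus the cleartext randoms
    # from the capture regenerates exactly the same record keys.
    cr, ms_recovered = parse_keylog_line(line)
    assert derive_record_keys(ms_recovered, cr, server_random) == \
        derive_record_keys(ms, client_random, server_random)
```

Write the line printed above to a file and point Wireshark's TLS preference "(Pre)-Master-Secret log filename" at it; the client random in the line is matched against the ClientHello in the capture, so the session's key exchange method is irrelevant to the decryption, exactly as the reply states.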