On 31/01/13 07:15, Viktor Dukhovni wrote:
> This is fair, the tls-unique value is in practice only 96 bits. And indeed its intended use is channel-binding with GSSAPI, ... If 96-bits is not enough, one needs to get at the master secret on both sides, and run that through a KDF together with client and server random plus a suitable application-specific salt. Does OpenSSL provide a public interface for getting at the master secret or otherwise generating application-specific derived keys?

Good question...

Still trying to understand how to approach this (I'm somewhat new to cryptography). I need a symmetric key for encrypting bulk data with AES256. Wouldn't I need an input to the KDF with keyspace of at least 256 bits to generate the same key at both ends after the TLS handshake?

T J

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
