On Thu, Feb 07, 2013 at 11:12:13AM +1300, T J wrote:

> Sorry to keep hammering away at this, but I think I am missing
> something here.
>
> OpenSSL does all this for a TLS connection anyway right? I mean,
> after a handshake, encryption keys, IV's etc are generated so that
> the TLS connection can use them for encrypting/decrypting data.
> Surely I shouldn't have to reinvent the wheel and do what OpenSSL
> already does...
>
> All I want to do is get those keys, after the connection has been
> established and use them directly in my own app instead of using the
> SSL connection normally. Isn't there something like
> ssl->s3->final_key ?

It is bad practice to clone keys. You should also not depend on
OpenSSL negotiating a particular algorithm. OpenSSL's keys are for
the OpenSSL session only. Keys for your application should be the
result of a suitably independent KDF.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org