Java SSL Client/Server random values -


i need access ssl server/client randoms exchanged during ssl/tls handshake can use them @ later time in encapsulated protocol.

how access these values in java? i've had @ sslsocket.gethandshake() doesn't seem expose values.

there's no api call in jsse let access directly.

you can see through -djavax.net.debug=ssl ("client nonce"), that's not accessible within application.

you via reflection on private members, this bad idea (like use of reflection using private members on private api). going dependent on version , implementation of java you're using too.

    field handshakerfield = sslsocket.getclass().getdeclaredfield(             "handshaker");     handshakerfield.setaccessible(true);     object handshakerobj = handshakerfield.get(sslsocket);     system.out.println(handshakerobj);      // start handshake *after* you've got hold of handshaker object,     // otherwise null.     sslsocket.starthandshake();      class<?> handshakerclass = class.forname("sun.security.ssl.handshaker");     field clientrandomfield = handshakerclass             .getdeclaredfield("clnt_random");     clientrandomfield.setaccessible(true);     object clientrandomobj = clientrandomfield.get(handshakerobj);     system.out.println(clientrandomobj);      field randombytesfield = clientrandomobj.getclass().getdeclaredfield(             "random_bytes");     randombytesfield.setaccessible(true);     byte[] randombytesobj = (byte[])randombytesfield.get(clientrandomobj);

i'm not sure why encapsulated protocol need this. doesn't seem idea @ all. it's not clear kind of security meant add. if you're after ssl/tls channel token of sorts, using session id better (although that's not idea either).

it's quite ssl/tls stacks not let hold of in general. it's main purpose generate pre_master_secret , "the pre_master_secret should deleted memory once master_secret has been computed." (according tls specification).


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more