On Tue, 04 May 2010 09:28:58 -0700 Nelson B Bolyard <nel...@bolyard.me> wrote:
> On 2010-05-04 05:41 PST, Ramon de Carvalho Valle wrote: > > >>> SSLTAP shows the ClientKeyExchange message length in > >>> client_key_exchange (16) is 130 (0x82) for TLSv1 and 128 (0x80) > >>> for SSLv3. > >> Yes, that is a difference between the two protocol versions. > >> > >> TLS encodes the encrypted pre-master secret with an additional > >> explicit length. SSL 3.0 does not. That additional explicit > >> length takes 2 bytes. > > > > Do you know if this additional explicit length should be handled by > > my PKCS #11 implementation when SSLv3 protocol is used or if it is > > handled by mod_nss/NSS library? > > It's all handled by the SSL library. Nelson, but when implementing a PKCS#11 token, we should be performing the PKCS#11 v1.5 padding for the CKM_RSA_PKCS method, right? Should we worry about the PKCS padding specified in SSLv2 "compatibility mode"? (Appendix E.2 of the SSLv3 rfc, http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00) Should we use the 'all random' version or the 'last 8 bytes with 0x03' version? We're trying to identify why our implementation works OK with TLSv1 while it fails with SSLv3. It all looks the same from a PKCS#11 point-of-view -Klaus -- Klaus Heinrich Kiwi | kla...@br.ibm.com | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
