DALE REAMER wrote:

> I should explain further. The client is using openssl, the server is on
> firmware and cannot use openssl. The server developer has rc4 code and we
> want to verify the encryption phase after the handshake phase. If I could
> give him separately (offline) the session secret he could verify the
> server rc4 encryption/decryption is correct (again offline).
> I find nothing for the session secret key, the closest is the
> write_mac_secret and read_mac_secret members of s3. That secret should be
> somewhere I could grab it with Visual C++.

ssldump does a decryption if you give it the private RSA key; I don't
remember whether it also displays the session secret key, but with the
source of ssldump you can modify it to do it anyway.
Ciao,
Richard
-- 
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
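
An added example, not part of the original thread and not OpenSSL or ssldump code: a small reference RC4 that the firmware implementation can be compared against offline, using the widely published "Secret" / "Attack at dawn" test vector. It also checks that one cipher context carried across two chunks gives the same output as a single pass, which matters because SSL/TLS keeps the RC4 state running across records instead of re-keying per record. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RC4 state; SSL/TLS keeps one per direction for the whole connection. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx;

/* Key-scheduling algorithm (KSA). */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen) {
    uint8_t j = 0, t;
    for (int k = 0; k < 256; k++) c->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->S[k] + key[k % keylen]);
        t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

/* PRGA: XOR keystream over in -> out; the same call encrypts and decrypts. */
static void rc4_crypt(rc4_ctx *c, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t k = 0; k < n; k++) {
        uint8_t t;
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->S[c->i]);
        t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
        out[k] = in[k] ^ c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
    }
}

/* Known-answer test: returns 1 if the published vector is reproduced. */
int rc4_kat_ok(void) {
    static const uint8_t expect[14] = {0x45,0xA0,0x1F,0x64,0x5F,0xC3,0x5B,
                                       0x38,0x35,0x52,0x54,0x4B,0x9B,0xF5};
    uint8_t out[14]; rc4_ctx c;
    rc4_init(&c, (const uint8_t *)"Secret", 6);
    rc4_crypt(&c, (const uint8_t *)"Attack at dawn", out, 14);
    return memcmp(out, expect, 14) == 0;
}

/* Two chunks through one context must equal one pass over the whole input. */
int rc4_stream_continuity_ok(void) {
    uint8_t a[14], b[14]; rc4_ctx c1, c2;
    rc4_init(&c1, (const uint8_t *)"Secret", 6);
    rc4_init(&c2, (const uint8_t *)"Secret", 6);
    rc4_crypt(&c1, (const uint8_t *)"Attack at dawn", a, 14);
    rc4_crypt(&c2, (const uint8_t *)"Attack", b, 6);
    rc4_crypt(&c2, (const uint8_t *)" at dawn", b + 6, 8);
    return memcmp(a, b, 14) == 0;
}

int main(void) { return (rc4_kat_ok() && rc4_stream_continuity_ok()) ? 0 : 1; }
```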