On 15 Jul 2015, at 8:42 , Dieter Klünter dieter@dkluenter.de wrote:
You may have read this article
https://sys4.de/de/blog/2013/09/09/perfect-forward-secrecy-eine-zusammenfass...
Hallo Dieter,
Yes, I have read your article and confirmed again that everything is indeed set up along the lines of your example configuration. The server temporary key remains at 1024 bytes. There is one small difference in the openssl s_client debug output:
<snip> SSL_connect:SSLv3 read server certificate A read from 0x24917f0 [0x24da7d3] (5 bytes => 5 (0x5)) 0000 - 16 03 03 03 0f ..... read from 0x24917f0 [0x24da7d8] (783 bytes => 783 (0x30F)) 0000 - 0c 00 03 0b 00 80 97 f6-42 61 ca b5 05 dd 28 28 ........Ba....(( </snip>
According to your article the ephemeral certificate starts at 0c and "00 02 0b” precedes the certificate length value (here: 00 80, 1024 bits). As you can see, in my case the blocks before the certificate length show "00 03 0b”.
jens