|
From: | Casey Marshall |
Subject: | Re: [Jessie-discuss] Running GNU-Classpath-SSL with Sun-JDK1.5 |
Date: | Fri, 23 Mar 2007 19:10:59 -0700 |
On Mar 23, 2007, at 6:21 PM, chinmaya wrote:
Casey, Great !!! :) got it working .. .I am planning to export (use) the Master secret from the SSL Sessions inside my application.So I plan to change the jessie's code and put some hooks so that my application can extract master-key from every session and use it for a key derivation.Also I would want to put hooks in to provider code so that my applicationget some info on Client/Server hello and alert messages.Do you think this is achievable ? Do you foresee any problem with this.
This should be fine. For master secrets, you probably want to hack the SessionImpl class. There is some support for "pluggable" session stores through the class AbstractSessionContext, but it exports master secrets as SealedObjects, which likely won't do what you want.
Would Sun JDK put any security restrictions to application code accessingprovider code directly?
I doubt it does.
[Prev in Thread] | Current Thread | [Next in Thread] |