F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

KT_271103's avatar
KT_271103
Icon for Nimbostratus rankNimbostratus
Jul 27, 2016

SSL key generation method

Please clear below questions?   Pre-master key derived from already shared random numbers through initial handshake process. Is it correct? How master key is generating from pre-master key on both...
application delivery
Secure Web Gateway
security
WebSafe
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 22, 2016

I'm struggling to understand what "PRN" means in your question. Pseudo-Random Number?

 

If you meant PRF, that's a function and not a value. In any case, let's look at this from the perspective of the key exchange method.

 

If we're talking about DH, the client and server random numbers are transmitted in the clear and serve as seeds in the PRF, and the PMS is derived from the DH algorithm as (g^ab mod p). The 'a' in this case is the client's secret number. Having access to the client's random number isn't enough. You'd also have to have access to the client's secret number, and that isn't transmitted across the wire.

 

If you're talking about RSA, the client and server still send random numbers in the clear, but this time the PMS is some secret value that the client creates, encrypts with the server's public key, and sends to the server. So in the case, if you had access to the server's private key and could sit in the middle and collect the random numbers and encrypted PMS, you'd have everything you need to create the master secret. This is the basis of pretty much all SSL man-in-the-middle technologies, and is the opposite of perfect forward secrecy, and a big reason for the RSA key agreement not being included in the upcoming TLSv1.3.