Hi, I have a TLS 1.0 client which supports AES cipher suites defined in RFC3268. However, when it connects to a TLS server using OpenSSL 0.97. It gets a TLS fatal alert, 20 (bad record MAC). I saw the version is 3.1 and the cipher suite ID is 0x00 0x35 (TLS_RSA_WITH_AES_256_CBC_SHA) in the server hello message. Does anyone know if TLS_RSA_WITH_AES_256_CBC_SHA is supported in OpenSSL 0.97? Is there any problem with AES cipher suites? I searched openssl-users and openssl-dev archives and found there was a bug in the AES decryption but it was fixed in a recent patch. Is the bug in OpenSSL 0.97? Does it affect the AES cipher suites in TLS 1.0? My TLS client successfully connects to the same server using TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00 0x0a).
Sharon Xia Software developer WRQ, Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
