Does the client receive the data properly? Does the server receive the data properly?
You may have padding going on, you may have an initialization vector being preset, you may have a whole bunch of things going on under the hood. As long as both the client and the server agree on what's going on and what to interpret data as, there's no problems. There have been some obfuscations made to help prevent CBC attacks, as well (please see the TLS v1.0 and TLS v1.1 RFCs for references on what the attacks are and why these obfuscations are necessary to defeat them). -Kyle H 2008/7/22 abc_123_ok <[EMAIL PROTECTED]>: > Dear All, > > I use openssl as a server to test SSL client of our comany. the SSL client > is a part of embedded system。 > I used command as blow in Cygwin. > > > openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem > -cipher DES-CBC3-SHA > > Loading 'screen' into random state - done > Using default temp DH parameters > Using default temp ECDH parameters > ACCEPT > > bad gethostbyaddr > -----BEGIN SSL SESSION PARAMETERS----- > MHUCAQECAgMABAIACgQg7anPBHTC6jqWwBj/K5J8N4aJtFvBvvo/Cc/8IadX57gE > MPFpEU9fWppV85v9f4oGy5Q7eVAXqb4QGfbQ3CaHlbw9/laI6yDDWncvGJxHAo9U > oqEGAgRIhahuogQCAgEspAYEBAEAAAA= > -----END SSL SESSION PARAMETERS----- > Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA > CIPHER is DES-CBC3-SHA > 11111111 > > I send "1111111111" to client from server. > but I find a problem from capture software. > > I see two application data sent to the client. > the first , it is 24 bytes. the second, it is 32 bytes. I decrypted these > data , I find the , the first 8 bytes is wrong in 32 bytes. > > I don't understand why it have a 24 bytes application. the other, why the > first 8 bytes > is wrong in 32 bytes? > > who can help me? > > thanks a lot. > best regards. > > ________________________________ > abc_123_ok > 2008-07-22
