Just in case it helps debugging: when you said the first 8 bytes are wrong, instead of trying a pattern like "1111111" to send over, you might try something like "12345..." so that way you can tell WHERE your data is getting messed up - i.e. that could show that not only are the first 8 bytes wrong, but your data begins at byte 9, which could point to a padding issue or something like that.
My 2 cents in case it helps debugging (:

On Tue, Jul 22, 2008 at 7:06 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> Does the client receive the data properly?
> Does the server receive the data properly?
>
> You may have padding going on, you may have an initialization vector
> being preset, you may have a whole bunch of things going on under the
> hood. As long as both the client and the server agree on what's going
> on and what to interpret data as, there's no problems.
>
> There have been some obfuscations made to help prevent CBC attacks, as
> well (please see the TLS v1.0 and TLS v1.1 RFCs for references on what
> the attacks are and why these obfuscations are necessary to defeat
> them).
>
> -Kyle H
>
> 2008/7/22 abc_123_ok <[EMAIL PROTECTED]>:
> > Dear All,
> >
> > I use openssl as a server to test the SSL client of our company. The SSL
> > client is a part of an embedded system.
> > I used the command below in Cygwin.
> >
> >
> > openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem -cipher DES-CBC3-SHA
> >
> > Loading 'screen' into random state - done
> > Using default temp DH parameters
> > Using default temp ECDH parameters
> > ACCEPT
> >
> > bad gethostbyaddr
> > -----BEGIN SSL SESSION PARAMETERS-----
> > MHUCAQECAgMABAIACgQg7anPBHTC6jqWwBj/K5J8N4aJtFvBvvo/Cc/8IadX57gE
> > MPFpEU9fWppV85v9f4oGy5Q7eVAXqb4QGfbQ3CaHlbw9/laI6yDDWncvGJxHAo9U
> > oqEGAgRIhahuogQCAgEspAYEBAEAAAA=
> > -----END SSL SESSION PARAMETERS-----
> > Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA
> > CIPHER is DES-CBC3-SHA
> > 11111111
> >
> > I send "1111111111" to the client from the server,
> > but I find a problem in the capture software.
> >
> > I see two application data records sent to the client.
> > The first is 24 bytes. The second is 32 bytes. I decrypted these
> > data, and I find that the first 8 bytes are wrong in the 32 bytes.
> >
> > I don't understand why there is a 24-byte application data record. Also, why are the
> > first 8 bytes
> > wrong in the 32 bytes?
> >
> > Who can help me?
> >
> > Thanks a lot.
> > Best regards.
> >
> > ________________________________
> > abc_123_ok
> > 2008-07-22
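An added example, not part of the original thread: it reproduces the 24-byte and 32-byte record sizes from the capture and shows that decrypting a CBC record with the wrong IV garbles only its first 8-byte block. Assumptions: the 24-byte record is an empty fragment (MAC and padding only) whose last ciphertext block becomes the IV of the next record, the test string is the distinguishable pattern suggested above plus a newline, and a toy Feistel cipher stands in for 3DES; keys and IV are constructed.

```python
import hashlib, hmac

BLOCK = 8  # 3DES block size; the cipher below is a toy stand-in, NOT 3DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out, prev = out + _xor(dec_block(key, blk), prev), blk
        else:
            prev = enc_block(key, _xor(blk, prev))
            out += prev
    return out

def tls10_record(key, mac_key, iv, fragment):
    # fragment || HMAC-SHA1 (20 bytes) || padding; real TLS also MACs seq/type/version/length
    body = fragment + hmac.new(mac_key, fragment, hashlib.sha1).digest()
    pad = -(len(body) + 1) % BLOCK
    return cbc(key, iv, body + bytes([pad]) * (pad + 1))

def demo():
    key, mac_key, iv0 = b"constructed-key", b"constructed-mac", bytes(BLOCK)
    rec1 = tls10_record(key, mac_key, iv0, b"")  # empty fragment sent first
    rec2 = tls10_record(key, mac_key, rec1[-BLOCK:], b"12345678\n")  # IV chains from rec1
    good = cbc(key, rec1[-BLOCK:], rec2, decrypt=True)
    bad = cbc(key, iv0, rec2, decrypt=True)  # IV chaining ignored
    wrong = [i // BLOCK for i in range(0, len(rec2), BLOCK) if good[i:i + BLOCK] != bad[i:i + BLOCK]]
    return len(rec1), len(rec2), good[:9], bad[:9], wrong

if __name__ == "__main__":
    print(demo())
```

With a numbered pattern in the plaintext, a wrong IV shows up as garbage in bytes 1 to 8 followed by intact data from byte 9 on, whereas a framing or padding problem would shift the digits instead.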
