Dear Alan Wolfe & All,

I send some data to the server with no problem; the server can receive the data normally.
But when I send some data to the client with openssl s_server.

For example, I enter "aaaaaaaaaa" on the server with openssl s_server; it is 10 'a'.
But when I receive the data on the client, I find the data has two application data records.
The first is 24 bytes and the second is 32 bytes.

I decrypted the data.

I can't tell what the 24 bytes of data are.

The first 8 bytes of the 32 bytes of data are a mess, the next 2 bytes are 'a' and 'a',
and the next is 20 bytes of MAC and padding.

The first 8 bytes are wrong, and what is the 24 bytes of data before the 32 bytes?

abc_123_ok
2008-07-23

From: Alan Wolfe
Sent: 2008-07-23 11:04:35
To: [email protected]
Cc:
Subject: Re: hello everyone

just in case it helps debugging, when you said the first 8 bytes are wrong, 
instead of trying a pattern like "1111111" to send over you might try something 
like "12345..." so that way you can tell WHERE your data is getting messed up - 
ie that could show that not only is the first 8 bytes wrong, but your data 
begins at byte 9, which could point to a padding issue or something like that.

my 2 cents in case it helps debugging (:


On Tue, Jul 22, 2008 at 7:06 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:

Does the client receive the data properly?
Does the server receive the data properly?

You may have padding going on, you may have an initialization vector
being preset, you may have a whole bunch of things going on under the
hood.  As long as both the client and the server agree on what's going
on and what to interpret data as, there's no problems.

There have been some obfuscations made to help prevent CBC attacks, as
well (please see the TLS v1.0 and TLS v1.1 RFCs for references on what
the attacks are and why these obfuscations are necessary to defeat
them).

-Kyle H

2008/7/22 abc_123_ok <[EMAIL PROTECTED]>:

> Dear All,
>
> I use openssl as a server to test the SSL client of our company. The SSL client
> is a part of an embedded system.
> I used the command below in Cygwin.
>
>
> openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem
> -cipher DES-CBC3-SHA
>
> Loading 'screen' into random state - done
> Using default temp DH parameters
> Using default temp ECDH parameters
> ACCEPT
>
> bad gethostbyaddr
> -----BEGIN SSL SESSION PARAMETERS-----
> MHUCAQECAgMABAIACgQg7anPBHTC6jqWwBj/K5J8N4aJtFvBvvo/Cc/8IadX57gE
> MPFpEU9fWppV85v9f4oGy5Q7eVAXqb4QGfbQ3CaHlbw9/laI6yDDWncvGJxHAo9U
> oqEGAgRIhahuogQCAgEspAYEBAEAAAA=
> -----END SSL SESSION PARAMETERS-----
> Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA
> CIPHER is DES-CBC3-SHA
> 11111111
>
> I send "1111111111" to the client from the server,
> but I find a problem with the capture software.
>
> I see two application data records sent to the client.
> The first is 24 bytes; the second is 32 bytes. I decrypted these
> data and I find that the first 8 bytes of the 32 bytes are wrong.
>
> I don't understand why it has a 24-byte application data record. Also, why are the
> first 8 bytes
> wrong in the 32 bytes?
>
> Who can help me?
>
> Thanks a lot.
> Best regards.
>
> ________________________________
> abc_123_ok
> 2008-07-22

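Added example, not part of the original thread and not OpenSSL code: with the SSLv3/TLS 1.0 CBC record layout and IV chaining (the behaviour the RFCs Kyle cites address), a DES-CBC3-SHA record carrying 0 bytes is 24 bytes long, one carrying 10 bytes is 32, and decrypting the second record with a stale IV garbles only its first 8-byte block. Assumptions: minimal padding, a toy Feistel cipher standing in for 3DES, and constructed key, IV and MAC values.

```python
import hashlib

BLOCK, MAC_LEN = 8, 20   # 3DES block size, HMAC-SHA1 length (DES-CBC3-SHA)

def cbc_record_len(data_len):
    # data + MAC + at least one padding-length byte, rounded up to a block
    return -(-(data_len + MAC_LEN + 1) // BLOCK) * BLOCK

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha1(key + bytes([rnd]) + half).digest()[:4]

def toy_block(key, blk, decrypt=False):
    # 4-round Feistel permutation standing in for 3DES; toy cipher, not secure
    l, r = blk[:4], blk[4:]
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            l, r = _xor(r, _f(key, rnd, l)), l
        else:
            l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out, prev = out + _xor(toy_block(key, blk, True), prev), blk
        else:
            prev = toy_block(key, _xor(blk, prev))
            out += prev
    return out

def record_plaintext(data):
    # data || MAC || padding; the MAC here is a constructed stand-in
    mac = hashlib.sha1(b"constructed-mac-key" + data).digest()
    pad = cbc_record_len(len(data)) - len(data) - MAC_LEN
    return data + mac + bytes([pad - 1]) * pad

def demo():
    key, iv0 = b"constructed-key", bytes(8)            # constructed values
    rec1 = cbc(key, iv0, record_plaintext(b""))         # empty fragment
    iv1 = rec1[-BLOCK:]                                 # IV chains from rec1
    rec2 = cbc(key, iv1, record_plaintext(b"a" * 10))
    stale = cbc(key, iv0, rec2, decrypt=True)           # wrong IV
    good = cbc(key, iv1, rec2, decrypt=True)            # chained IV
    return len(rec1), len(rec2), stale, good
```
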