Dear Kyle, this is my problem.
I use openssl as a server to test the SSL client of our company. The SSL client is part of an embedded system. I used the command below in Cygwin.

openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem -cipher DES-CBC3-SHA
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMABAIACgQg7anPBHTC6jqWwBj/K5J8N4aJtFvBvvo/Cc/8IadX57gE
MPFpEU9fWppV85v9f4oGy5Q7eVAXqb4QGfbQ3CaHlbw9/laI6yDDWncvGJxHAo9U
oqEGAgRIhahuogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA
CIPHER is DES-CBC3-SHA
11111111

I send "1111111111" to the client from the server, but I find a problem in the capture software. I see two application data sent to the client. The first is 24 bytes. The second is 32 bytes. I decrypted these data and I find that the first 8 bytes are wrong in the 32 bytes.
I don't understand why there is a 24-byte application data. Also, why are the first 8 bytes wrong in the 32 bytes?
Who can help me? Thanks a lot.

Best regards.
abc_123_ok
2008-07-28

From: Kyle Hamilton
Sent: 2008-07-28 12:20:26
To: [email protected]
Cc:
Subject: Re: Re: Re: hello everyone

Why is this a problem? What is the problem? SSL and TLS are designed to abstract out underlying protocol details from the protocol client. What are you doing that requires a 1 to 1 correspondence?

-Kyle H

2008/7/27 abc_123_ok <[EMAIL PROTECTED]>:
> I can't fix my problem, can anybody help me?
>
> ________________________________
> abc_123_ok
> 2008-07-28
> ________________________________
> From: abc_123_ok
> Sent: 2008-07-25 09:35:17
> To: [email protected]
> Cc:
> Subject: Re: Re: Re: hello everyone
>
> Dear Victor Duchovni,
>
> I know what you say below.
> I have added the CBC padding and MAC and record header, but besides these lengths,
> there are still 24 bytes more. The 24 bytes are before the application
> data.
>
> My problem still can't be fixed.
>
>
> ________________________________
> abc_123_ok
> 2008-07-25
> ________________________________
> From: Victor Duchovni
> Sent: 2008-07-24 22:02:49
> To: [email protected]
> Cc:
> Subject: Re: Re: Re: hello everyone
>
> On Thu, Jul 24, 2008 at 05:10:54PM +0800, abc_123_ok wrote:
>
> > I want to know what the 24 byte is.
>
> The TLS "record layer" uses a 5 byte header. The actual data
> is extended with a MAC, and encrypted which often adds CBC padding.
>
> You should not make any assumptions about the length of the encrypted
> data on the wire, there may also be packets for renegotiation if the
> client or server chooses to do that.
>
> --
> Viktor.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]
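
Added example, not part of the original thread: the length arithmetic Viktor describes, applied to DES-CBC3-SHA (8-byte blocks, 20-byte SHA-1 MAC). An empty fragment encrypts to 24 bytes, which matches the extra record if this is OpenSSL's empty-fragment countermeasure for CBC ciphers in SSLv3/TLS 1.0 (disabled with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS), and decrypting the next record with an IV that was not advanced to the previous record's last ciphertext block garbles exactly its first 8 bytes. Assumptions: the typed line is 8 characters plus a newline, the MAC bytes are placeholders, and toy_enc/toy_dec are a stand-in block permutation, not 3DES.

```python
# Added example. toy_enc/toy_dec are NOT 3DES: a stand-in 8-byte block
# permutation so the CBC chaining can be shown with the standard library.
BLOCK, MAC_LEN = 8, 20  # DES-CBC3-SHA: 8-byte blocks, 20-byte SHA-1 MAC

def cbc_record_len(plaintext_len, mac_len=MAC_LEN, block=BLOCK):
    """Encrypted fragment length, excluding the 5-byte record header."""
    body = plaintext_len + mac_len + 1        # +1: padding-length byte
    return -(-body // block) * block          # round up to whole blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_enc(key, blk):
    x = xor(blk, key)
    return x[3:] + x[:3]

def toy_dec(key, blk):
    return xor(blk[-3:] + blk[:-3], key)

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = toy_enc(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out += xor(toy_dec(key, blk), prev)
        prev = blk
    return out

def frame(payload):
    """payload + placeholder MAC + minimum CBC padding (constructed data)."""
    body = payload + b"M" * MAC_LEN
    pad = cbc_record_len(len(payload)) - len(body) - 1
    return body + bytes([pad]) * (pad + 1)

def demo():
    key, iv0 = bytes(range(8)), b"\xaa" * 8   # constructed key and initial IV
    rec1 = cbc_encrypt(key, iv0, frame(b""))              # empty fragment
    rec2 = cbc_encrypt(key, rec1[-BLOCK:], frame(b"11111111\n"))
    chained = cbc_decrypt(key, rec1[-BLOCK:], rec2)       # correct IV
    stale = cbc_decrypt(key, iv0, rec2)                   # IV not advanced
    return len(rec1), len(rec2), chained, stale

if __name__ == "__main__":
    n1, n2, chained, stale = demo()
    print(n1, n2, chained[:9], stale[:8] != chained[:8], stale[8:] == chained[8:])
```

A 10-character payload plus newline also pads to 32 bytes, so either reading of what was typed gives the observed size.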
