Thanks Marek.. appreciate your help..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 4:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing
Hello,
> There seems to be no such function
Hello,
> In earlier versions there is code at the end of ssl3_mac()
> function in s3_enc.c file which looks like:
And for TLS1 version this code is at the end of tls1_mac()
function in t1_enc.c file.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
Hello,
> There seems to be no such function in openssl
> (ssl3_record_sequence_update())!!
> Can you please tell where exactly this SSL sequence number is updated?
Well, yes, this function was introduced in 0.9.8.
In earlier versions there is code at the end of ssl3_mac()
function in s3_enc.c file whi
, July 24, 2006 2:01 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing
Hello,
>
> Does this read_mac_secret and write_mac_secret change with Every md5
> hash verification?
No, these values are calculated from pre_master_secret and until end or
renegotiation stay the same
Hello,
>
> Does this read_mac_secret and write_mac_secret change with
> Every md5 hash verification?
No, these values are calculated from pre_master_secret and until
end or renegotiation stay the same.
> I am not able to locate the code which actually updates this tcp
> Seq numbers and so on..w
function do?
What does it update?
Thanks
--Gayathri
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 7:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing
Hello,
> Thanks Marek, can you explain more on this "MAC" verification errors?
> When I can ensure only control records are read by SSL_read, why should
> I get such errors? Yeah, you're correct, I will discard application records ;)
> (don't ask me how!!) but then openssl will work right?
>
> What I have to
SSL is designed for private reliable bytestream between two parties.
Without looking at the spec, I can't say for certain, but I would be
*very* surprised if you can "slice out" any part of the SSL traffic and
not have it generate an error.
Read the SSL/TLS spec.
/r$
--
SOA Appliances
Ap
Hello,
> Thanks Marek, can you explain more on this "MAC" verification errors?
When an SSL record is read from the TCP socket, it is first decrypted (using
read_secret and CBC xor vector) and then the MAC of the decrypted packet
is checked. When calculating the MAC of the decrypted packet the following
information is used:
Gayathri Sundar wrote:
Thanks Richard.. but I was thinking only SSL RECORDS with Record Type "APP DATA"
contain application data!!! If I can ensure that only complete SSL Records of Type
Handshake, Change cipher spec, and Alerts are given to OpenSSL, it can
process it right?
This way how can open
t app data records have been removed..?
Hope I am making sense here..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:41 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing
> Ok, what I meant is I will be removing the SSL record along with the app
> data!!
> So this should be fine right?
Then SSL will notice that records have been removed. Since records can
contain application data, and SSL guarantees the integrity of the
application bytestream, *ANY* attempt by
: Query On SSL Processing
The SSL records include a message digest (MAC) of the application data
within the record. If you remove the application data, the SSL record is no
longer valid.
If you think about it, this is obvious. SSL guarantees the integrity of the
application data. If someone modifies
The SSL records include a message digest (MAC) of the application data
within the record. If you remove the application data, the SSL record is
no longer valid.
If you think about it, this is obvious. SSL guarantees the integrity of
the application data. If someone modifies or removes the ap
have to do next depends on YOUR answer or anyone on this
Mailing list :)
Thanks
--G(3)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Friday, July 21, 2006 3:04 PM
To: openssl-users@openssl.org
Subject: Re: Query On SSL Processing
Hello,
> What would happen if openssl is starved of application data records
> and is fed only control messages? Would it misbehave?
SSL application records are not mandatory (but usually very useful :-)
So you may establish SSL connection and do for example
renegotiation after renegotiation or s