[gnutls-dev] Possible bug in GnuTLS AES/SHA1
Simon Josefsson
simon at josefsson.org
Tue Jan 9 08:50:04 CET 2007
James Westby <jw+debian at jameswestby.net> writes:
> Apologies for posting again so quickly, but I remembered something else
> that I wanted to mention in the mail.
>
> When opening the tcpdumps in wireshark there is a breakdown of the
> handshake. Wireshark interprets it like this (without the version
> negotiation patch applied):
>
> Server Client
>
> Hello (SSL3.0 and TLS1.0) no compression
> 13 cipher suites
> 0x0035 0x002f 0x000a 0x0016 0x0013 0x0005 0x0004
> 0x0009 0x0012 0x0008 0x0003 0x0011 0x0014
>
> Hello (TLS1.0) no compression
> 0x002f TLS_RSA_WITH_AES_128_CBC_SHA
>
> Certificate, Certificate request, Hello done
>
> Certificate (none)
>
> Client key exchange, Change cipher spec,
> Encrypted handshake
>
> Change cipher spec
>
> Encrypted handshake
>
> Encrypted alert (Bad record MAC).
>
>
>
> Which reads reasonable to me.
Me too... you might want to compare that with an OpenSSL server
configured for similar settings.
> As for debugging the actual data on the wire I'm not sure of the best
> approach for doing this.
Using wireshark and comparing two sessions, one that works and
one that doesn't, and looking for differences, is the only way I can
think of... there are some TLS dump tools around, but none as
versatile as wireshark + RFC + pen&paper.
/Simon
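The approach Simon suggests above, summarising a capture record by record and diffing a working session against a failing one, as an added example that is not part of the original thread or of GnuTLS: a minimal TLS 1.0 record and handshake summariser in Python that produces a Wireshark-style breakdown of a session and reports the first point at which two sessions diverge. The two sessions (GOOD_SESSION and BAD_SESSION), the cipher-suite list taken from the quoted ClientHello, the stand-in encrypted bytes and the choice that the failing session ends with an encrypted alert from the client are all constructed for illustration; the parser handles only what the breakdown needs (no extensions, no fragment reassembly, no session-ID reuse).

```python
"""Added example: Wireshark-style TLS 1.0 session summary and session diff."""
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   13: "CertificateRequest", 14: "ServerHelloDone",
                   16: "ClientKeyExchange", 20: "Finished"}
VERSIONS = {(3, 0): "SSL3.0", (3, 1): "TLS1.0"}


def parse_records(data):
    """Split raw bytes of one direction into TLS records: (type, version, fragment)."""
    records, off = [], 0
    while off < len(data):
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, off)
        off += 5
        records.append((ctype, (major, minor), data[off:off + length]))
        off += length
    return records


def parse_handshakes(fragment):
    """Split a plaintext Handshake fragment into (msg_type, body) pairs."""
    msgs, off = [], 0
    while off < len(fragment):
        mtype, length = fragment[off], int.from_bytes(fragment[off + 1:off + 4], "big")
        msgs.append((mtype, fragment[off + 4:off + 4 + length]))
        off += 4 + length
    return msgs


def parse_client_hello(body):
    """Return (client_version, [cipher suites]); skips random and session_id."""
    off = 34 + 1 + body[34]                      # version(2) + random(32) + session_id
    n = struct.unpack_from("!H", body, off)[0]
    suites = [struct.unpack_from("!H", body, off + 2 + i)[0] for i in range(0, n, 2)]
    return (body[0], body[1]), suites


def parse_server_hello(body):
    """Return (server_version, chosen cipher suite)."""
    off = 34 + 1 + body[34]
    return (body[0], body[1]), struct.unpack_from("!H", body, off)[0]


def summarise(flights):
    """flights: list of (side, bytes), side 'C' or 'S'. One line per record.
    After a side's ChangeCipherSpec its later records are opaque, so they are
    reported only by content type, as Wireshark does ("Encrypted Alert")."""
    encrypted, lines = {"C": False, "S": False}, []
    for side, data in flights:
        for ctype, ver, frag in parse_records(data):
            name = CONTENT_TYPES.get(ctype, "type%d" % ctype)
            if encrypted[side]:
                lines.append("%s: Encrypted %s" % (side, name))
            elif ctype == 22:
                for mtype, body in parse_handshakes(frag):
                    mname = HANDSHAKE_TYPES.get(mtype, "hs%d" % mtype)
                    if mtype == 1:
                        hv, suites = parse_client_hello(body)
                        mname += " (%s record, %s hello, %d suites)" % (VERSIONS[ver], VERSIONS[hv], len(suites))
                    elif mtype == 2:
                        hv, suite = parse_server_hello(body)
                        mname += " (%s, 0x%04x)" % (VERSIONS[hv], suite)
                    lines.append("%s: %s" % (side, mname))
            else:
                encrypted[side] = encrypted[side] or ctype == 20
                lines.append("%s: %s" % (side, name))
    return lines


def first_difference(a, b):
    """(index, line_a, line_b) of the first divergence between two summaries, else None."""
    for i in range(max(len(a), len(b))):
        x, y = (a[i] if i < len(a) else None), (b[i] if i < len(b) else None)
        if x != y:
            return i, x, y
    return None


# --- constructed sample sessions (not real captures) -------------------------
def record(ctype, version, fragment):
    return struct.pack("!BBBH", ctype, version[0], version[1], len(fragment)) + fragment

def handshake(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def client_hello(version, suites):
    body = bytes(version) + b"\x11" * 32 + b"\x00"           # fixed random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    return handshake(1, body + b"\x01\x00")                   # one compression method: null

def server_hello(version, suite):
    return handshake(2, bytes(version) + b"\x22" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00")

SUITES = [0x0035, 0x002f, 0x000a, 0x0016, 0x0013, 0x0005, 0x0004,   # list quoted in the thread
          0x0009, 0x0012, 0x0008, 0x0003, 0x0011, 0x0014]
SSL3, TLS10 = (3, 0), (3, 1)
OPAQUE = b"\xaa" * 36                                         # stand-in for encrypted bytes
GOOD_SESSION = [
    ("C", record(22, SSL3, client_hello(TLS10, SUITES))),
    ("S", record(22, TLS10, server_hello(TLS10, 0x002f) + handshake(11, b"\x00\x00\x00")
                 + handshake(13, b"\x01\x01\x00\x00") + handshake(14, b""))),
    ("C", record(22, TLS10, handshake(11, b"\x00\x00\x00") + handshake(16, b"\x00\x02\x01\x02"))
          + record(20, TLS10, b"\x01") + record(22, TLS10, OPAQUE)),
    ("S", record(20, TLS10, b"\x01") + record(22, TLS10, OPAQUE)),
    ("C", record(23, TLS10, OPAQUE)),                         # good: application data follows
]
BAD_SESSION = GOOD_SESSION[:4] + [("C", record(21, TLS10, b"\xbb" * 22))]   # bad: encrypted alert

if __name__ == "__main__":
    print("\n".join(summarise(GOOD_SESSION)))
    print("first difference:", first_difference(summarise(GOOD_SESSION), summarise(BAD_SESSION)))
```

Run it on real traffic by feeding each direction's reassembled TCP payload as the bytes for that side; the diff pinpoints the record at which the two sessions stop agreeing, which is the place to start reading the RFC with pen and paper.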