What about the 32 octets in the finished message(CipherText)? How can
we have it? Thank you Jostein Tveit wrote: Mohamad Badra <[EMAIL PROTECTED]> writes:I have 2 questions about this sequence number in TLS: 1)What is the value of finished's sequence number? It is zero?>From RFC2246 page 16: sequence number Each connection state contains a sequence number, which is maintained separately for read and write states. The sequence number must be set to zero whenever a connection state is made the active state. Sequence numbers are of type uint64 and may not exceed 2^64-1. A sequence number is incremented after each record: specifically, the first record which is transmitted under a particular connection state should use sequence number 0. This mean that the next message after a ChangeCipherSpec will always have sequence number 0.2) Is there any command line with OpenSSLto have the MAC?Not as far as I know. The MAC is encrypted and you must have access to the session key to print the MAC. ssldump <URL: http://www.rtfm.com/ssldump/ > can decrypt certain SSL connections, but I don't think it is capable of printing the MAC. You can probably hack the source, though. |
- about the sequence number field Swaminathan P
- Re: about the sequence number field Lev Walkin
- Re: about the sequence number field Swaminathan P
- Re: about the sequence number field Lev Walkin
- Re: about the sequence number field Geoff Thorpe
- Re: about the sequence number field Swaminathan P
- Re: about the sequence number field Mohamad Badra
- Re: about the sequence number field Jostein Tveit
- Mohamad Badra