[openssl-users] How to debug SSLV3_ALERT_BAD_RECORD_MAC

2017-04-25 Thread craig_we...@trendmicro.com
We have recently upgraded our product to 1.0.2k. We are getting this error on a packet sent to us from our browser-based user interface. I really need some suggestions as to how to debug this problem. I know it is in our code rather than OpenSSL but I have no idea how to dig into what is

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Viktor Dukhovni
> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>
> Secure Sockets Layer
> SSL Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 228
> Handshake Protocol:

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
> extensions: 4 items
> Extension (ns_cert_exts.comment)
> Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
> BER Error: String with tag=22 expected but

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Viktor Dukhovni
> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>
> >Client objects to the server chain. Either does not trust the MiTM root CA, or
> >is unhappy about its encoding (assuming tshark is not generating an FP warning).
>
> Thank you! So it is

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
> Thank you! So it is the *client* that breaks the connection,
> and it is unhappy either about MiTM, or the encoding. I will
> check for both (though not much I can do about either).
Presumably you've added that cert to some trust store on the system in question.

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni" wrote: I get slightly annoyed when I take the time to help, but my response is skimmed over and not read carefully. Upthread I said: