> An error occurred during a connection to cafe.na.tibco.com:1802. SSL
> received a record with an incorrect Message Authentication Code. Error
> code: SSL_ERROR_BAD_MAC_READ
In case this error occurs with a chacha-poly cipher suite,
the following PR probably has a fix:
Please see also GitHub issue #4154, in particular
https://github.com/openssl/openssl/issues/4154#issuecomment-552838141
On Tue, Nov 12, 2019 at 3:00 AM Michael Richardson wrote:
> On 2019-11-12 7:38 a.m., Patrick Herbst wrote:
> > If i setup a DTLS server, the client can connect once and send
> > messages find. but if the client restarts and tries to send data, the
> > server hangs on SSL_read.
>
> How are you
Thanks for all the useful device. I was able to get the server to accept
this client hello message.
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 257
Handshake Protocol: Client Hello
Handshake Type:
On Tue, Nov 12, 2019 at 01:13:49PM -0700, Phil Neumiller wrote:
> Thanks for all the useful device. I was able to get the server to accept
> this client hello message.
If you're willing/able to share, it can be useful for us to know what products
are buggy in that they don't implement extensions
On Tue, Nov 12, 2019 at 9:07 AM Michael Richardson wrote:
>
> so you are showing me your server code, correct, and this is for DTLS,
> right?
> Do you call DTLSv1_accept()?
Yes, DTLS. There is no DTLSv1_accept. SSL_accept should work because
it is based on 'method' and underlying BIO. I left
Thanks Tomas,
I will try that.
On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote:
> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
> > Hi
> >
> >We have an application that does the Diffie Hellman key exchange
> > (OpenSSL/1.1.0f).
> >It works fine, but under
On 2019-11-12 9:30 p.m., Patrick Herbst wrote:
> On Tue, Nov 12, 2019 at 3:00 AM Michael Richardson wrote:
>> Close the UDP socket on the client and open a new one to get a new
>> source port.
>> Does that work? I'm not terribly happy with this solution, but it does
>> match what TCP would do.
Hello,
I'm trying to implement the new Russian GOST CMS specification. It uses the
key wrap algorithm described here:
https://tools.ietf.org/html/draft-smyshlyaev-tls12-gost-suites-06#section-8.2
I've implemented the algorithm as a cipher with the EVP_CIPH_WRAP_MODE flag.
It seems to me that
On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
> Hi
>
>We have an application that does the Diffie Hellman key exchange
> (OpenSSL/1.1.0f).
>It works fine, but under heavy loaded conditions, sometimes an
> invalide secret been generated and other side couldn't
On Tue, Nov 12, 2019 at 03:08:19PM -0700, Phil Neumiller wrote:
> I find the comment below about TLS 1.3 troubling.
[...]
> */*
> * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test
> it
> * for TLSv1.2 for now until we add a new API.
> */*
>
H,
This is my method for using external PSKs with the openssl tool. Does this
appear correct? The application darta seems to be exchanged and if I change
a PSK it will fail. I *think* this is correct...
Server side:
PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
I find the comment below about TLS 1.3 troubling.
static int test_set_sigalgs(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
const sigalgs_list *curr;
int testctx;
/* Should never happen */
if
So I posted this question over at stackoverflow (
https://stackoverflow.com/questions/58771714/compiling-c-and-c-with-single-makefile)
but the gist of it is as follows:
I am trying to statically link libssl.a and libcrypto.a into a static
library of my own which I will be using in an application
On 2019-11-12 7:38 a.m., Patrick Herbst wrote:
> If i setup a DTLS server, the client can connect once and send
> messages find. but if the client restarts and tries to send data, the
> server hangs on SSL_read.
How are you handling the sockets on the server?
If you are creating a new 5-tuple
15 matches
Mail list logo
