On Sat, Jan 5, 2013 at 5:49 PM, Mike Pilsbury <[email protected]> wrote:
> I'm having some problems with secure connections in my implementation
> (tedious) of TDS. Under some conditions I don't get any response from the
> SQL Server instance to a TDS login packet sent to it.
>
> If I use RC4-MD5 everything works fine. However if I use DES-CBC3-SHA then I
> experience the absence of a response from the server.
> Enabling tls and net debug (NODE_DEBUG="tls net") sheds some light on the
> problem, assuming that I'm interpreting the messages correctly.
>
> When using DES-CBC3-SHA, the data (for the TDS Login packet) is written to
> the cleartext stream, but nothing seems to come out of the encrypted stream.
> As this is a block cipher, I'm guessing that the problem is that there's not
> enough data to complete a block.
> If that's the case, how can I tell the cleartext stream to 'flush' the data,
> and result in a padded-out block to be encrypted and written?
>
> Bear in mind that there will be more requests sent over the same connection
> once the response has been received. So closing the stream and the TCP
> connection isn't practical.
>
> Should BIO_flush be involved somewhere in node_crypto.cc?
>
> Is it even a reasonable expectation to be able to use a block cipher for a
> request/response protocol like TDS? Is the problem really likely to be
> anything to do with stream vs. block ciphers?
>
> If this is all rubbish, and I'm barking up the wrong tree, what should my
> next steps in understanding the problem be?

Disclaimer: I know next to nothing of the inner workings of MSSQL or TDS.

When you mention RC4-MD5 and DES-CBC3-SHA, do you mean the TLS cipher or something on top of that? (I assume the former but I ask just in case.)

node.js uses PKCS7 padding by default; if a block is too short, it gets padded.

As a quick sanity check, what happens when you call `cleartext.pair.cycle()` after writing out the login packet?
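
Added example, not part of the thread and not node's own code: a model of how a TLS 1.0 CBC cipher suite such as DES-CBC3-SHA frames a single write (RFC 2246, section 6.2.3.2), showing that the record layer appends the MAC and its own padding so a write of any size leaves as whole blocks. The function names, keys, IV and payloads are constructed for illustration; a real session derives the keys during the handshake.

```javascript
// Added example: the TLS 1.0 CBC record layout (RFC 2246, section 6.2.3.2).
// Keys, IV and payloads are constructed; a real session derives them in the handshake.
const crypto = require('crypto');

const BLOCK = 8;    // 3DES block size in bytes
const MAC_LEN = 20; // HMAC-SHA1 output size
const macKey = Buffer.alloc(20, 0x0b);   // constructed
const encKey = Buffer.from('0123456789abcdeffedcba987654321089abcdef01234567', 'hex'); // constructed
const iv = Buffer.alloc(BLOCK, 0x01);    // constructed

// MAC over sequence number, record header and plaintext fragment.
function recordMac(seq, data) {
  const hdr = Buffer.alloc(13);
  hdr.writeUInt32BE(seq, 4);          // low half of the 64-bit sequence number
  hdr[8] = 23;                        // content type: application_data
  hdr.writeUInt16BE(0x0301, 9);       // protocol version: TLS 1.0
  hdr.writeUInt16BE(data.length, 11);
  return crypto.createHmac('sha1', macKey).update(hdr).update(data).digest();
}

// Build one encrypted record from a write of any size.
function sealRecord(seq, data) {
  const padLen = (BLOCK - ((data.length + MAC_LEN + 1) % BLOCK)) % BLOCK;
  // padLen padding bytes plus the padding_length byte, all holding padLen.
  const tail = Buffer.alloc(padLen + 1, padLen);
  const plain = Buffer.concat([data, recordMac(seq, data), tail]);
  const c = crypto.createCipheriv('des-ede3-cbc', encKey, iv);
  c.setAutoPadding(false);            // the record layer has already padded
  return Buffer.concat([c.update(plain), c.final()]);
}

// Decrypt a record, strip the padding, verify the MAC, return the payload.
// Real implementations also check every padding byte, in constant time.
function openRecord(seq, record) {
  const d = crypto.createDecipheriv('des-ede3-cbc', encKey, iv);
  d.setAutoPadding(false);
  const plain = Buffer.concat([d.update(record), d.final()]);
  const padLen = plain[plain.length - 1];
  const macAt = plain.length - 1 - padLen - MAC_LEN;
  if (macAt < 0) throw new Error('bad record');
  const data = plain.subarray(0, macAt);
  const mac = plain.subarray(macAt, macAt + MAC_LEN);
  if (!crypto.timingSafeEqual(mac, recordMac(seq, data))) throw new Error('bad record');
  return data;
}
```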
