If you have access to that server's private key - you can also try "wireshark"ing their conversation to look at what is actually happening. (video: http://www.youtube.com/watch?v=vQtur8fqErI )
Padding can't be really an issue, since all blocks should be automatically padded.

Cheers,
Fedor.

On Sat, Jan 5, 2013 at 9:27 PM, Ben Noordhuis <[email protected]> wrote:

> On Sat, Jan 5, 2013 at 5:49 PM, Mike Pilsbury <[email protected]> wrote:
> > I'm having some problems with secure connections in my implementation
> > (tedious) of TDS. Under some conditions I don't get any response from the
> > SQL Server instance to a TDS login packet sent to it.
> >
> > If I use RC4-MD5 everything works fine. However if I use DES-CBC3-SHA then I
> > experience the absence of a response from the server.
> > Enabling tls and net debug (NODE_DEBUG="tls net") sheds some light on the
> > problem, assuming that I'm interpreting the messages correctly.
> >
> > When using DES-CBC3-SHA, the data (for the TDS Login packet) is written to
> > the cleartext stream, but nothing seems to come out of the encrypted stream.
> > As this is a block cipher, I'm guessing that the problem is that there's not
> > enough data to complete a block.
> > If that's the case, how can I tell the cleartext stream to 'flush' the data,
> > and result in a padded-out block to be encrypted and written?
> >
> > Bear in mind that there will be more requests sent over the same connection
> > once the response has been received. So closing the stream and the TCP
> > connection isn't practical.
> >
> > Should BIO_flush be involved somewhere in node_crypto.cc?
> >
> > Is it even a reasonable expectation to be able to use a block cipher for a
> > request/response protocol like TDS? Is the problem really likely to be
> > anything to do with stream vs. block ciphers?
> >
> > If this is all rubbish, and I'm barking up the wrong tree, what should my
> > next steps in understanding the problem be?
>
> Disclaimer: I know next to nothing of the inner workings of MSSQL or TDS.
>
> When you mention RC4-MD5 and DES-CBC3-SHA, do you mean the TLS cipher
> or something on top of that? (I assume the former but I ask just in
> case.)
>
> node.js uses PKCS7 padding by default; if a block is too short, it gets
> padded.
>
> As a quick sanity check, what happens when you call
> `cleartext.pair.cycle()` after writing out the login packet?
>
> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en
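The padding behaviour discussed in this thread, as an added example that is not part of the original messages: a raw block cipher holds back a partial block until `final()`, while a TLS CBC record (the DES-CBC3-SHA case) is padded per record and comes out as whole blocks at once. The keys, IV and function names are constructed for the illustration, and the framing is simplified TLS 1.0-style (no explicit IV, no record header on the wire).

```javascript
const crypto = require('crypto');

const BLOCK = 8;    // 3DES block size in bytes
const MAC_LEN = 20; // HMAC-SHA1 output size

// Constructed sample keys and IV, for illustration only.
const ENC_KEY = Buffer.from(Array.from({ length: 24 }, (_, i) => i + 1));
const MAC_KEY = Buffer.alloc(20, 0x5a);
const IV = Buffer.alloc(BLOCK, 0x11);

// Raw cipher API: bytes short of a full block stay buffered until final(),
// where PKCS7 padding is applied. This is the stall the question suspects.
function rawCipherUpdate(key, iv, data) {
  const c = crypto.createCipheriv('des-ede3-cbc', key, iv);
  const fromUpdate = c.update(data).length;
  const fromFinal = c.final().length;
  return { fromUpdate, fromFinal };
}

// TLS CBC record layer: plaintext is content || MAC || padding || padding_length,
// so every write is already a whole number of blocks and nothing needs flushing.
function tlsCbcRecord(encKey, macKey, iv, seq, content) {
  const hdr = Buffer.alloc(13);
  hdr.writeBigUInt64BE(BigInt(seq), 0);  // implicit sequence number
  hdr[8] = 23;                           // content type: application_data
  hdr[9] = 3; hdr[10] = 1;               // version 3.1 (TLS 1.0)
  hdr.writeUInt16BE(content.length, 11); // fragment length
  const mac = crypto.createHmac('sha1', macKey).update(hdr).update(content).digest();
  const unpadded = content.length + MAC_LEN + 1; // +1 for the padding_length byte
  const padLen = (BLOCK - (unpadded % BLOCK)) % BLOCK;
  // Padding bytes and the trailing padding_length byte all carry the value padLen.
  const padding = Buffer.alloc(padLen + 1, padLen);
  const c = crypto.createCipheriv('des-ede3-cbc', encKey, iv);
  c.setAutoPadding(false); // the record layer has already padded
  return Buffer.concat([c.update(Buffer.concat([content, mac, padding])), c.final()]);
}
```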
