I'm adding TLS support to Protekt, a Java implementation of SSL.  I'm using
OpenSSL 0.9.4 for interoperability testing.
At the moment I'm verifying that I haven't broken SSL3 support.

Using Protekt as a client, and "openssl s_server -ssl3" as the server, I
get the following from OpenSSL.


     SSL3 alert write:fatal:handshake failure
     SSL3 alert write:fatal:handshake failure
     SSL_accept:error in SSLv3 read certificate verify A
     ERROR
     128:error:14086081:SSL routines:SSL3_ENC:block cipher pad is wrong:s3_enc.c:406:

Line numbers may be different as I have added some debugging code.

Doing some digging around I noticed that the version I send as part of the
Pre Master Secret causes the error.
I am sending version 3.1, but OpenSSL seems to compare this to the Session
version (3.0) and generates a random Pre Master Secret and continues (as if
the decryption failed).

According to the TLS spec (January 1999):

7.4.7.1 RSA encrypted pre master secret message

Client Version:
     The latest (newest) version supported by the client. <snip> the server
     should check that this value matches the value transmitted by the
     client in the client hello message.

Because the client is sending 3.1 in the client hello, it is my
understanding of the spec that the Pre Master should start with 3.1.

The code that I believe is in error is (in s3_srvr.c)

       if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
                        ((p[0] != (s->client_version>>8)) ||
                         (p[1] != (s->client_version & 0xff))))


Yuri Schimke
Forge Research
[EMAIL PROTECTED]
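
The check discussed above, as an added example that is not part of the original post and is not OpenSSL or Protekt code: the server compares the first two bytes of the decrypted pre master secret against a chosen version and, on mismatch, continues with a substitute secret as the post describes. All function names, the filler bytes and the 0xAA stand-in for the server's random secret are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48 /* RSA pre master secret: 2 version bytes + 46 random bytes */

/* Constructed scenario from the post: client offers 3.1, session settles on 3.0. */
enum { CLIENT_HELLO_VERSION = 0x0301, NEGOTIATED_VERSION = 0x0300 };

/* 1 if the decrypted secret is 48 bytes and starts with `expected`, else 0. */
static int pms_version_ok(const uint8_t *pms, size_t len, uint16_t expected)
{
    if (len != PMS_LEN)
        return 0;
    return pms[0] == (expected >> 8) && pms[1] == (expected & 0xff);
}

/* On a failed check, carry on with a caller-supplied random secret instead of
 * aborting, as the post observes; the handshake then fails later. */
static int accept_premaster(uint8_t out[PMS_LEN], const uint8_t *dec, size_t len,
                            uint16_t expected, const uint8_t fallback[PMS_LEN])
{
    int ok = pms_version_ok(dec, len, expected);
    memcpy(out, ok ? dec : fallback, PMS_LEN);
    return ok;
}

/* 1 if a server checking against `expected` keeps the client's secret. */
static int server_keeps_client_pms(uint16_t expected)
{
    uint8_t pms[PMS_LEN], fallback[PMS_LEN], out[PMS_LEN];
    pms[0] = CLIENT_HELLO_VERSION >> 8;      /* client writes its offered version */
    pms[1] = CLIENT_HELLO_VERSION & 0xff;
    for (int i = 2; i < PMS_LEN; i++)
        pms[i] = (uint8_t)i;                 /* constructed filler, not real randomness */
    memset(fallback, 0xAA, sizeof fallback); /* stand-in for the server's random bytes */
    accept_premaster(out, pms, sizeof pms, expected, fallback);
    return memcmp(out, pms, PMS_LEN) == 0;
}

int main(void)
{
    printf("checked against ClientHello version: kept=%d\n",
           server_keeps_client_pms(CLIENT_HELLO_VERSION));
    printf("checked against negotiated version:  kept=%d\n",
           server_keeps_client_pms(NEGOTIATED_VERSION));
    return 0;
}
```

Checked against the ClientHello version the client's secret is kept; checked against the negotiated version it is replaced, so both sides derive different keys and the handshake fails afterwards.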

