This is certainly possible and I'm looking through my code now. But the same library code has been working for ten years on the Mac platform and now I'm porting it over to Windows and Linux.
Any other suggestions are welcome. Graeme -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, October 03, 2013 4:35 PM To: [email protected]; [email protected] Subject: RE: decryption failed or bad record mac error on SSL connection Hi, The bad MAC (message authentication context) error is OpenSSL detecting a problem with the integrity of your communication layer. Normally this means that your packets are out of order or that you have lost some bytes. Try doing a simple checksum of your encrypted data client and server side. You'll probably find that you've miscalculated a buffer size or something. Maybe you've got some packet fragmentation... David L > Message Received: Oct 03 2013, 07:30 PM > From: "Perrow, Graeme" <[email protected]> > To: "[email protected]" <[email protected]> > Cc: > Subject: decryption failed or bad record mac error on SSL connection > > > I am seeing an error on some SSL connections between two different Windows > machines. Both are using OpenSSL 1.0.1e. The error is: > > 3612:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record mac:.\ssl\s3_pkt.c:484: > > This shows up on a connection (the TLS client, if it matters) while > downloading a large amount of data (a 70 MB file). The amount of data I can > send/receive before the error happens differs but is rarely more than about > 400 KB. Some googling showed many reports saying this was related to AES-NI, > and that I should disable it using the OPENSSL_ia32cap environment variable, > but this did not fix the problem. Plus it seems that my version of OpenSSL > should contain the fix anyway. > > I'm using SSLv23_server_method() and SSL23_client_method() on the server and > client respectively. The opts I'm using are SSL_OP_ALL|SSL_OP_NO_SSLv2, and > the ciphers are "AES256-SHA:AES128-SHA:RC4-MD5". > > Anyone know what else might cause this problem or how I can avoid it? > > Graeme Perrow > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
