Hi all, 

I'm developing support for TLS 1.1 and 1.2 in a radius-server that until now 
only handles TLS 1.0. I'm testing with a testtool that the vendor says is
using OpenSSL to implement the TLS support. It all seems to work except for the 

When all key exchange messages are sent from the server and back from the 
client the client sends the "Finished" message which 
is the first encrypted with the negotiated symmetric cipher suite. I use 
AES-128 in block mode and according to the spec (RFC4346 for TLS 1.1) 
the IV is prepended to the encrypted message (containing the payload, MAC and 
padding). The message size i right and when (in the server) I use the first 16 
of the message received from the client as IV the decryption fails but when I 
use the mechanism from TLS 1.0 to pick up the IV from 
the key_block the decryption is successful. I understand that this is one way 
to generate the IV that I suppose you use which is fine but 
shouldn't this 16 byte vector be prepended, unecrypted, to the encrypted data 
that is sent to the server? In TLS 1.2 there is not IV material generated 
at all in the key_block so in that case I don't even know where to find it. 

The simple question is, shouldn't the first 16 bytes (assuming AES) of the 
message (after the 5 byte header) be the unencrypted IV to be used in the 
decryption of the rest of the message? 

I tried to dig in to the OpenSSL source but it's far too long ago I did some 
serious C coding so I hope someone with a working knowledge can enlighten me. I 
might have
misunderstood the spec but in that case I would be grateful if someone could 
clarify this specific part of it. 

Curt Johansson
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to