Hi,
Actually, AES is by default implemented in CBC (Cipher Block Chaining
)mode in TLSv1. Refer RFC 3268.
Since the encryption is done in CBC mode, you will not get the same
encrypted text for identical plain text.
--lakshmi prasanna
On Tue, Jun 17, 2008 at 10:58 AM, jimmy bahuleyan
[EMAIL
Yup, that solves it.
Another matter that's been troubling me is the output that I get when I run
the s_server program with the debug option. At the end of the handshake,
when the server sends the Finished Packet to the client, the following
packet dump is obtained.
write to 099EB570 [099FADC0]
Hi,
Actually, the Handshake Message becomes the data for record protocol.
so the Handshake message for Finished message contains a header that
has 20 in the type field to indicate Finished message. This Handshake
message including the Header and Data, is encrypted using the keys
generated during
Hello,
[EMAIL PROTECTED] wrote on 06/17/2008 02:11:14 PM:
Yup, that solves it.
Another matter that's been troubling me is the output that I get when I
run the s_server
program with the debug option. At the end of the handshake, when the
server sends the
Finished Packet to the client,
Hi,
I do know for a fact that part of the Finish message is encrypted. My
question was actually if the Message type field is also part of the
encrypted part? In which case, as I had pointed out earlier, there is a
chance that the first byte of the encrypted {message_type + message} can be
equal
The whole Finish message, (ie., Handshake protocols Header indicating
this message as Finished message, and the encrypted Data) is encrypted
and sent.
At the other end the packet is decrypted. This decryption is done
because a Change Cipher Spec message has been received before this
message by the
Hello,
[EMAIL PROTECTED] wrote on 06/17/2008 03:21:08 PM:
Hi,
I do know for a fact that part of the Finish message is encrypted. My
question was
actually if the Message type field is also part of the encrypted part?
In which case, as
I had pointed out earlier, there is a chance that the
Hi,
While observing some packet dump, I noticed that while sending the same
application data over twice, different packet dumps were obtained in both
cases. This was done in the same SSL session, so the connection keys being
used are all the same. Is this expected behavior or am I reading the
Hi,
If you are using Stream Cipher or CBC mode block cipher, then the same
application data will produce different encrypted data, since the two
encryption (cipher) algorithms perform encryption using the previous
block and current block (CBC mode block cipher) or previous stream
data (Stream
Hi,
You mean you are using RSA for encryption???
Normally, this will not be the case. DHE-RSA is used for Key exchange
and/or Authentication but nor for encryption. Just verify the Server
Hello Message you received, it consists a string like
DHE_RSA_WITH_something. The something part indicates
-- Forwarded message --
From: lakshmi prasanna [EMAIL PROTECTED]
Date: Mon, Jun 16, 2008 at 6:06 PM
Subject: Re: Difference in packet contents
To: Vijay Kotari [EMAIL PROTECTED]
Hi,
You can find information on this page
http://developer.mozilla.org/en/docs/Introduction_to_SSL
implementation that uses it.
-Kyle H
On Mon, Jun 16, 2008 at 5:36 AM, lakshmi prasanna [EMAIL PROTECTED] wrote:
-- Forwarded message --
From: lakshmi prasanna [EMAIL PROTECTED]
Date: Mon, Jun 16, 2008 at 6:06 PM
Subject: Re: Difference in packet contents
To: Vijay Kotari [EMAIL
While observing some packet dump, I noticed that while sending
the same application data over twice, different packet dumps
were obtained in both cases.
Good.
This was done in the same SSL session, so the connection keys
being used are all the same. Is this expected behavior or am I
@DS
Nicely put.
So, if I was to try to decrypt/encrypt one of these messages, I would need
the key and the iv and something else? Because if just the key and iv are
sufficient to encrypt/decrypt the data, then how are the different encrypted
messages generated for the same cleartext?
On Tue, Jun
Vijay Kotari wrote:
@DS
Nicely put.
So, if I was to try to decrypt/encrypt one of these messages, I would
need the key and the iv and something else? Because if just the key and
iv are sufficient to encrypt/decrypt the data, then how are the
different encrypted messages generated for the
15 matches
Mail list logo
