[gnutls-dev] Possible bug in GnuTLS AES/SHA1

Simon Josefsson simon at josefsson.org
Tue Jan 9 08:50:04 CET 2007


James Westby <jw+debian at jameswestby.net> writes:

> Apologies for posting again so quickly, but I remembered something else
> that I wanted to mention in the mail.
>
> When opening the tcpdumps in wireshark there is a breakdown of the
> handshake. Wireshark interprets it like this (without the version
> negotiation patch applied):
>
>   Server                 Client
>
>                         Hello (SSL3.0 and TLS1.0) no compression
>                         13 cipher suites
>                         0x0035 0x002f 0x000a 0x0016 0x0013 0x0005 0x0004
>                         0x0009 0x0012 0x0008 0x0003 0x0011 0x0014
>
> Hello (TLS1.0) no compression
> 0x002f TLS_RSA_WITH_AES_128_CBC_SHA
>
> Certificate, Certificate request, Hello done
>
>                         Certificate (none)
>
>                         Client key exchange, Change cipher spec,
>                         Encrypted handshake
>
> Change cipher spec
>
> Encrypted handshake
>
>                         Encrypted alert (Bad record MAC).
>
>
>
> Which reads reasonably to me.

Me too... you might want to compare that with an OpenSSL server
configured for similar settings.

> As for debugging the actual data on the wire I'm not sure of the best
> approach for doing this.

Using wireshark and comparing between two sessions, one that works, and
one that doesn't, and looking for differences, is the only one I can think
of...  there are some TLS dump tools around, but none as versatile as
wireshark + RFC + pen&paper.

/Simon
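Added worked example (not part of the thread above, and not GnuTLS or OpenSSL code): when two captures are being compared by hand, the question behind a "Bad record MAC" alert is which input to the record MAC the two ends disagree on. The block below parses the cipher_suites vector of a ClientHello like the one in the trace, and recomputes the TLS 1.0 record MAC exactly as RFC 2246 section 6.2.3.1 defines it (HMAC over sequence number, content type, version, length and fragment) for the HMAC-SHA1 suite 0x002f that the server selected. The key and handshake fragment are constructed sample values, not material from the captures; the function names are my own.

```python
import hashlib
import hmac
import struct

# TLS 1.0 record-layer MAC (RFC 2246, 6.2.3.1):
#   HMAC_hash(MAC_write_secret,
#             seq_num(8) + type(1) + version(2) + length(2) + fragment)
# Suite 0x002f (TLS_RSA_WITH_AES_128_CBC_SHA) uses HMAC-SHA1, so the
# default hash here is sha1; an MD5 suite would pass hash_name="md5".

TLS1_0 = (3, 1)           # ProtocolVersion {major=3, minor=1}
CONTENT_HANDSHAKE = 22    # ContentType handshake


def parse_cipher_suites(vector: bytes) -> list:
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte ids."""
    (nbytes,) = struct.unpack("!H", vector[:2])
    if nbytes % 2 or len(vector) < 2 + nbytes:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", vector[i:i + 2])[0]
            for i in range(2, 2 + nbytes, 2)]


def tls10_record_mac(mac_key: bytes, seq_num: int, content_type: int,
                     version: tuple, fragment: bytes,
                     hash_name: str = "sha1") -> bytes:
    """MAC of one TLSCompressed record, as either TLS 1.0 peer computes it."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment,
                    getattr(hashlib, hash_name)).digest()


def verify_record(mac_key: bytes, seq_num: int, content_type: int,
                  version: tuple, fragment: bytes, received_mac: bytes) -> bool:
    """True if the received MAC matches; False is the bad_record_mac path."""
    expected = tls10_record_mac(mac_key, seq_num, content_type, version, fragment)
    return hmac.compare_digest(expected, received_mac)


def demo() -> tuple:
    """Show which mismatched inputs turn a valid record into a MAC failure."""
    # Constructed sample values: a 20-byte MAC secret and a Finished-shaped
    # handshake body (HandshakeType 20, 12-byte verify_data), not real key material.
    mac_key = bytes(range(20))
    finished = b"\x14\x00\x00\x0c" + b"\xaa" * 12

    mac = tls10_record_mac(mac_key, 0, CONTENT_HANDSHAKE, TLS1_0, finished)
    ok = verify_record(mac_key, 0, CONTENT_HANDSHAKE, TLS1_0, finished, mac)
    # Each of the following is one way two implementations can disagree:
    bad_seq = verify_record(mac_key, 1, CONTENT_HANDSHAKE, TLS1_0, finished, mac)
    bad_ver = verify_record(mac_key, 0, CONTENT_HANDSHAKE, (3, 0), finished, mac)
    bad_key = verify_record(bytes(20), 0, CONTENT_HANDSHAKE, TLS1_0, finished, mac)
    return ok, bad_seq, bad_ver, bad_key


if __name__ == "__main__":
    # Constructed vector carrying the 13 suites offered in the trace above.
    offered = [0x0035, 0x002f, 0x000a, 0x0016, 0x0013, 0x0005, 0x0004,
               0x0009, 0x0012, 0x0008, 0x0003, 0x0011, 0x0014]
    vector = struct.pack("!H", 2 * len(offered)) + b"".join(
        struct.pack("!H", s) for s in offered)
    print("client offered:", [hex(s) for s in parse_cipher_suites(vector)])
    print("ok, bad_seq, bad_ver, bad_key =", demo())
```

The version bytes in the MAC input are the ones actually sent in the record header, which is why a version-negotiation difference between the two captures is worth checking alongside the sequence number and the key block: the same plaintext with (3,0) instead of (3,1) in the header yields a different MAC.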


