[gnutls-dev] Possible bug in GnuTLS AES/SHA1

James Westby jw+debian at jameswestby.net
Mon Jan 8 23:32:22 CET 2007

Apologies for posting again so quickly, but I remembered something else
that I wanted to mention in the mail.

When opening the tcpdumps in wireshark there is a breakdown of the
handshake. Wireshark interprets it like this (without the version
negotiation patch applied):

  Server                 Client

                        Hello (SSL3.0 and TLS1.0) no compression
                        13 cipher suites
                        0x0035 0x002f 0x000a 0x0016 0x0013 0x0005 0x0004
                        0x0009 0x0012 0x0008 0x0003 0x0011 0x0014

Hello (TLS1.0) no compression

Certificate, Certificate request, Hello done

                        Certificate (none)

                        Client key exchange, Change cipher spec,
                        Encrypted handshake

Change cipher spec

Encrypted handshake

                        Encrypted alert (Bad record MAC).

Which reads reasonable to me.

As for debugging the actual data on the wire I'm not sure of the best
approach for doing this.



  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256

More information about the Gnutls-devel mailing list