case 1:
SSL3_GET_RECORD:decryption failed or bad record mac
I am using wpa_supplicant 0.4.8 on Windows XP. With the exactly the same
configuration, on some computers the TTLS/MSCHAPV2
consistently fails with error "SSL3_GET_RECORD:decryption failed or bad
record mac". With other computers, I get success consistently.
I have searched over the internet. It seems the problem is with OpenSSL
library. The OpenSSL version I am using is openssl-0.9.7d. I am
wondering if anyone knows about any fix or workaround for this problem.
Jan 12 12:45:41.921875: SSL: SSL_connect:error in SSLv3 read finished A
Jan 12 12:45:41.921875: OpenSSL: tls_connection_handshake - SSL_connect
error:14
08F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
case 2:
decryption failed or bad record mac
----
Openssl version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv
Everything works with self signed cert if client that is going to connect is located ONLY on the same subnet.
If I try to connect a client to the server from outside the subnet, ie. internet client user, I get a "decryption failed or bad record mac" error.
Scenario:
client (public ip) tries to connect to server (non-route able ip on DMZ with public IP forwarded). Won't work.
client (non-route able ip on DMZ) tries to connect to server. Does work.
Is there a mechanism inside OpenSSL that doesn't allow cert pass through if client isn't on the same subnet? Is this a bug?
----
Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.
-Kyle H
-----
FIXED
Was a problem with smart defense center altering the packet. Thanks for the quick reply.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Introduction
分享到:
相关推荐
SSL handshake failed
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_set_ssl_ctx qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_set_flags qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_finish qt....
在Java的网络编程中,SSL(Secure Socket Layer)和TLS(Transport Layer Security)协议用于确保数据传输的安全性,提供加密通信以及服务器身份验证。然而,当你遇到“javax.net.ssl.SSLException: java.lang....
加密是报:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 此处提供 bcprov-ext-jdk15on-154.jar 和 bcprov-jdk15on-154.jar 压缩包中有使用说明
在连接建立后,会执行SSL握手,这是通过调用`handshake`函数完成的,该函数有客户端模式(`boost::asio::ssl::stream_base::client`)。 一旦握手成功,客户端就可以通过`write`和`read_some`操作进行数据的发送和...
SSL certificate problem: unable to get local issuer certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed 网上很多说法是libeay32.dll和ssleay32.dll复制到可执行文件里,这个只是解决在Qt Creator下编译运行可以,单独打包不运行...
示例用Delphi的Indy控件,试过用163或139邮箱发送,可以用普通端口25或SSL端口发送,可以发送附件。 内含2002年的ssleay32.dll和libeay32.dll,其它版本可能会报错“Could not load SSL library”。 smtp.163.com ...
在Java编程中,`javax.net.ssl.SSLHandshakeException` 是一个常见的错误,通常发生在进行安全套接层(SSL)或传输层安全(TLS)协议握手时出现问题。这个异常通常是由于客户端和服务器之间的证书不匹配、信任锚点...
SSL Handshake Failed(处理方案).md
标题“SSL_handshake_with_two_way_authentication_with_certificates”直译为“采用证书的双向认证下的SSL握手”。这一标题明确指出本文将聚焦于SSL(Secure Sockets Layer,安全套接层)或其后续版本TLS...
验证SSL证书的类 此软件包提供的类使查询ssl证书上的属性变得异常容易。 我们有三种选择来获取证书。 这是一个例子: use Spatie \ SslCertificate \ SslCertificate ; // fetch the certificate using an url $ ...
本文将详细介绍如何使用openssl工具生成单向SSL证书,以及如何将其应用于基于Boost.Asio库的SSL通讯测试。 首先,让我们了解什么是单向SSL认证。在单向SSL认证中,服务器验证其身份给客户端,但客户端无需向服务器...
本压缩包包含一个名为`ssl_dos.c`的源代码文件,这可能是一个用于模拟或研究SSL DOS攻击的程序。 **SSL/TLS协议**:SSL(Secure Socket Layer)和TLS(Transport Layer Security)是互联网上保障数据安全传输的两种...
【标题】"SslClient:简单的 Java SSL 客户端" 在网络安全日益重要的今天,SSL(Secure Socket Layer)和它的继任者TLS(Transport Layer Security)已成为数据加密和身份验证的标准。Java作为广泛使用的编程语言,...
通常,我们使用`boost::asio::ssl::context::sslv23`或`boost::asio::ssl::context::tlsv12`作为协议类型,并调用`use_certificate_chain_file`和`use_private_key_file`方法加载证书链文件和私钥文件。 服务器的...
SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustAllCerts, new SecureRandom()); SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext...