Jony.Hwong

SSL Handshake: Bad Record MAC

case 1:

SSL3_GET_RECORD:decryption failed or bad record mac

I am using wpa_supplicant 0.4.8 on Windows XP. With exactly the same
configuration, on some computers the TTLS/MSCHAPV2
consistently fails with error "SSL3_GET_RECORD:decryption failed or bad
record mac". With other computers, I get success consistently.

I have searched over the internet. It seems the problem is with the OpenSSL
library. The OpenSSL version I am using is openssl-0.9.7d. I am
wondering if anyone knows about any fix or workaround for this problem.

Jan 12 12:45:41.921875: SSL: SSL_connect:error in SSLv3 read finished A
Jan 12 12:45:41.921875: OpenSSL: tls_connection_handshake - SSL_connect error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

case 2:

decryption failed or bad record mac

----
Openssl version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv

Everything works with a self-signed cert if the client that is going to connect is located ONLY on the same subnet.

If I try to connect a client to the server from outside the subnet, i.e. an internet client user, I get a "decryption failed or bad record mac" error.

Scenario:
client (public IP) tries to connect to server (non-routable IP on DMZ with public IP forwarded). Won't work.
client (non-routable IP on DMZ) tries to connect to server. Does work.

Is there a mechanism inside OpenSSL that doesn't allow cert pass through if client isn't on the same subnet? Is this a bug?

----
Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.

-Kyle H

-----
FIXED

Was a problem with smart defense center altering the packet. Thanks for the quick reply.

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Introduction
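
Why a device that alters a packet in transit, as in the fix reported for case 2, produces this error: an added example (not from the original posts) of the TLS 1.0 record MAC check from RFC 2246 with HMAC-SHA1. The key, payload and function names are constructed for illustration, and the record encryption step is omitted.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1
TLS1_0 = 0x0301
APPLICATION_DATA = 23


def record_mac(mac_key, seq_num, content_type, fragment):
    # RFC 2246 6.2.3.1: HMAC(key, seq_num || type || version || length || fragment)
    header = struct.pack("!QBHH", seq_num, content_type, TLS1_0, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def protect(mac_key, seq_num, content_type, fragment):
    # Sender: append the MAC (a real stack would then encrypt fragment + MAC).
    return fragment + record_mac(mac_key, seq_num, content_type, fragment)


def verify(mac_key, seq_num, content_type, protected):
    # Receiver: recompute the MAC with its own sequence counter and compare.
    if len(protected) < MAC_LEN:
        return "bad_record_mac"
    fragment, mac = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, content_type, fragment)
    return "ok" if hmac.compare_digest(mac, expected) else "bad_record_mac"


def demo():
    key = b"constructed-mac-write-secret"         # constructed sample key
    payload = b"constructed application payload"  # constructed sample data
    wire = protect(key, 0, APPLICATION_DATA, payload)
    altered = bytearray(wire)
    altered[3] ^= 0x01                            # one bit changed in transit
    return {
        "untouched": verify(key, 0, APPLICATION_DATA, wire),
        "altered_in_transit": verify(key, 0, APPLICATION_DATA, bytes(altered)),
        # Receiver's counter out of step with the sender's (record lost or injected).
        "sequence_mismatch": verify(key, 1, APPLICATION_DATA, wire),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The receiver cannot tell which byte changed or why, so any in-path modification surfaces only as the generic "decryption failed or bad record mac" alert.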