Hi Nelson,

On 05/04/2010 03:11 AM, Nelson B Bolyard wrote:
> On 2010-05-03 12:58 PST, Ramon de Carvalho Valle wrote:
>> I'm having problems with my PKCS #11 implementation and mod_nss. The
>> requests using SSLv3 protocol fail with bad_record_mac (20). I think
>> the problem is in client_key_exchange (16), and
>
> OK, that's a possibility, one of many.
>
>> I would like to know if
>> both TLSv1 and SSLv3 protocols use the PKCS #1 Encryption-block
>> formatting according to RFC 2313:
>>
>> EB = 00 || BT || PS || 00 || D .
>
> Yes, they both do, when the key exchange algorithm is RSA.

Yes, in this case, the key exchange algorithm is RSA.

>
>> SSLTAP shows the ClientKeyExchange message length in client_key_exchange
>> (16) is 130 (0x82) for TLSv1 and 128 (0x80) for SSLv3.
>
> Yes, that is a difference between the two protocol versions.
>
> TLS encodes the encrypted pre-master secret with an additional explicit
> length. SSL 3.0 does not. That additional explicit length takes 2 bytes.
>

Do you know if this additional explicit length should be handled by my
PKCS #11 implementation when SSLv3 protocol is used or if it is handled
by mod_nss/NSS library?

Best regards,

-- 
Ramon de Carvalho Valle
Software Engineer
IBM Linux Technology Center
E-Mail: rcva...@linux.vnet.ibm.com

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
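
The framing difference discussed in this thread, as an added example that is not part of the original message and is not NSS or mod_nss code: it locates the RSA ciphertext in a ClientKeyExchange body for both protocol versions and checks the RFC 2313 block layout of a decrypted block. The function names are hypothetical, and the 128-byte modulus (1024-bit key) is an assumption chosen to match the 128-byte SSLv3 message reported above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Locate the RSA-encrypted pre-master secret in a ClientKeyExchange body.
 * is_tls != 0: TLS framing, 2-byte big-endian length then ciphertext.
 * is_tls == 0: SSL 3.0 framing, the body is the bare ciphertext.
 * mod_len is the RSA modulus size in bytes. Returns 0, or -1 if malformed. */
int cke_rsa_ciphertext(const uint8_t *body, size_t body_len, int is_tls,
                       size_t mod_len, const uint8_t **ct, size_t *ct_len)
{
    if (is_tls) {
        if (body_len < 2) return -1;
        size_t declared = ((size_t)body[0] << 8) | body[1];
        if (declared != body_len - 2) return -1;  /* prefix must match rest */
        body += 2;
        body_len -= 2;
    }
    if (body_len != mod_len) return -1;  /* RSA ciphertext is modulus-sized */
    *ct = body;
    *ct_len = body_len;
    return 0;
}

/* Check EB = 00 || BT || PS || 00 || D with BT = 02 (RFC 2313, section 8.1)
 * on a decrypted block of k bytes. PS is at least 8 nonzero bytes.
 * Returns the offset of D in eb, or -1 if the layout is wrong.
 * Illustration only: this scan is not constant-time. */
long pkcs1_type2_data_offset(const uint8_t *eb, size_t k)
{
    if (k < 11 || eb[0] != 0x00 || eb[1] != 0x02) return -1;
    size_t i = 2;
    while (i < k && eb[i] != 0x00) i++;      /* find the 00 that ends PS */
    if (i == k || i - 2 < 8) return -1;
    return (long)(i + 1);
}

int main(void)
{
    /* Constructed sample: TLS body = 0x0080 prefix + 128 ciphertext bytes. */
    uint8_t tls_body[130] = {0x00, 0x80};
    const uint8_t *ct = tls_body;
    size_t n = 0;
    int rc = cke_rsa_ciphertext(tls_body, sizeof tls_body, 1, 128, &ct, &n);
    printf("rc=%d offset=%ld len=%zu\n", rc, (long)(ct - tls_body), n);
    return 0;
}
```

A server-side implementation must run the padding check in constant time and must not let the peer distinguish a padding failure from a successful decryption.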