I have an Ubuntu box running net-snmp 5.7.1 which I have modified to support
ecdsa and sha384. I have an embedded application running net-snmp 5.6.1.1
which has had the same modification performed and openssl-1.0.1. The Ubuntu
net-snmp is configured with the joe-cool certificates from the net-snmp tls
tutorial. The embedded net-snmp has a self-signed cert of type
ecdsa-with-sha384.
At a terminal window on the Ubuntu machine, I enter the following commands:

    net-snmp-cert -t remote import remote.crt
    snmpget -u rco -l authPriv -x AES -X 'asdASD12!@' -a SHA -A 'asdASD12!@' \
        -T our_identity=tutorial-joecool -T their_identity=remote -t 10 \
        tls:192.168.1.141 sysUpTime.0

Wireshark has been used to analyze the message exchange. It has been
configured with the private keys for both entities. It shows the following
message exchange (tcp acks removed):
Ubuntu sends Client Hello
Embedded sends Server Hello, Certificate, Certificate Request, Server Hello Done
Ubuntu sends Certificate, Client Key Exchange
Ubuntu sends Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
Embedded sends New Session Ticket, Change Cipher Spec, Encrypted Handshake
Ubuntu sends Application Data
Embedded sends Encrypted Alert with code 21 (Decryption Failed)
Ubuntu sends Encrypted Alert with code 21 (Decryption Failed)
I am trying to track down the cause of the Encrypted Alert message. In reading
the RFCs I expected to see a Server Key Exchange message but it seems to be
missing.
Any thoughts/suggestions on the direction I should take for tracking this down
will be greatly appreciated.
Thomas Stone
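
Added example (not part of the original post, and not net-snmp or OpenSSL code): a check of the server handshake flight listed above against what TLS 1.0 to 1.2 requires for a given key-exchange method, since static methods (RFC 5246 section 7.4.3, RFC 4492 section 2) omit Server Key Exchange. The negotiated cipher suite is not given in the post, so the two suite names used here are assumptions chosen for illustration.

```python
"""Added example: server handshake flight expected in TLS 1.0-1.2, by key exchange."""

# Static methods: the server certificate already carries the key-agreement (or
# encryption) key, so no ServerKeyExchange is sent (RFC 5246 7.4.3, RFC 4492 2).
STATIC_KX = {"RSA", "DH_DSS", "DH_RSA", "ECDH_ECDSA", "ECDH_RSA"}
# Ephemeral methods: the server sends signed parameters in ServerKeyExchange.
EPHEMERAL_KX = {"DHE_DSS", "DHE_RSA", "ECDHE_ECDSA", "ECDHE_RSA"}


def kx_from_suite(suite):
    """Return the key-exchange part of an IANA suite name (TLS_<kx>_WITH_...)."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    kx = suite[len("TLS_"):].split("_WITH_", 1)[0]
    if kx not in STATIC_KX | EPHEMERAL_KX:
        raise ValueError(f"key exchange not covered here: {kx!r}")
    return kx


def expected_server_flight(suite, client_auth):
    """Messages the server sends between ClientHello and the client's reply."""
    flight = ["Server Hello", "Certificate"]
    if kx_from_suite(suite) in EPHEMERAL_KX:
        flight.append("Server Key Exchange")
    if client_auth:
        flight.append("Certificate Request")
    flight.append("Server Hello Done")
    return flight


def check_flight(observed, suite, client_auth=True):
    """Return (missing, unexpected) message names relative to the expected flight."""
    expected = expected_server_flight(suite, client_auth)
    missing = [m for m in expected if m not in observed]
    unexpected = [m for m in observed if m not in expected]
    return missing, unexpected


# Server flight as listed in the post's Wireshark summary.
OBSERVED = ["Server Hello", "Certificate", "Certificate Request", "Server Hello Done"]
# Constructed suite names: the negotiated suite is not given in the post.
STATIC_SUITE = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"
EPHEMERAL_SUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

if __name__ == "__main__":
    for suite in (STATIC_SUITE, EPHEMERAL_SUITE):
        print(suite, check_flight(OBSERVED, suite))
```

The suite actually selected appears in the Server Hello of the capture; passing that name to check_flight shows whether the missing Server Key Exchange is expected for it.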
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net