Re: bad mac decode?

[Erik Aronesty]

----- Original Message -----   I found this message in the archive.    This is the same behaviour I am experiencing.    When connecting to www.kohlpcaking.com on port 443 using sslv23 method we get a bad MAC decode... however when connectin using ssl3 only - we get a good connection.       ----- Original Message ----- From: Seth Robertson <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 14, 1999 6:04 PM Subject: Cannot SSL23 negotiate with several https sites > > Versions: >   OpenSSL 0.9.1c 23-Dec-1998 >   SSLeay 0.9.0b 29-Jun-1998 >   > Platforms: >   BSD/OS 2.1 >   SunOS 4.1.4 > > Compiler: >   gcc 2.7.2.1 > > Problem: >   When attempting to connect using the sample client to www.amazon.com >   (Netscape-Commerce/1.12) the SSLconnect fails.  However, when the >   sample client is specifically hardcoded to ssl2 instead of the >   default ssl23, the connection succeeds.  This also happens with >   www.borders.com (Netscape-Enterprise 2.01) > >   I get a different failure for a simular reason with www.kmart.com >   (Microsoft-IIS/3.0).  > >   Strangely, icob.chase.com is also Netscape-Enterprise 2.01 but works. > >   I could believe that these are errors in their implementation, >   but I thought you should be made aware. > >   -------------------------------------------------- > Fails> ./ssleay  s_client -connect www.kmart.com:443 > 10566:error:140790E3:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:224: > Works> ./ssleay  s_client -ssl2 -connect www.kmart.com:443 >   -------------------------------------------------- > >   -------------------------------------------------- > Fails> ./ssleay  s_client -connect www.amazon.com:443 > 12026:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:233: > Works> ./ssleay  s_client -ssl2 -connect www.amazon.com:443 >   -------------------------------------------------- > >   -------------------------------------------------- > Fails> ./ssleay  s_client -connect www.borders.com:443 > 12053:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:233: > Works> ./ssleay  s_client -ssl2 -connect www.borders.com:443 >   -------------------------------------------------- >   >   -------------------------------------------------- > Works> ./ssleay  s_client -connect icob.chase.com:443 >   -------------------------------------------------- > > -Seth Robertson > [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project                                 http://www.openssl.org > Development Mailing List                       [EMAIL PROTECTED] > Automated List Manager                           [EMAIL PROTECTED] > >   ----- Original Message ----- From: Erik Aronesty To: [EMAIL PROTECTED] Sent: Friday, December 17, 1999 12:26 PM Subject: bad mac decode? More verify woes:,   On a Win32 build (after passing all of the tests!), I connect to this site (which works on all browsers), and it fails.  This never used to fail in the older (0.9.3) builds.  Am I missing something obvious?   D:\devl\openssl\out32>openssl.exe s_client -connect www.kohlpacking.com:443 CONNECTED(0000005C) depth=0 /C=US/ST=Ohio/L=Cincinnatti/O=Kohl Packing, Inc./CN=www.kohlpacking.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=Ohio/L=Cincinnatti/O=Kohl Packing, Inc./CN=www.kohlpacking.com verify error:num=21:unable to verify the first certificate verify return:1 661:error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode:.\ssl\s3_pkt.c:34 1:                                             - Any ideas???