Hi,

I ran into one problem when using OpenSSL 1.1.0f with the TLSv1 protocol.
In brief, when using TLSv1, after the server side receives encrypted data and
the function tls1_enc finishes, the decrypted data is not put in the result
buffer; only after another tls1_enc is the decrypted data put in the result
buffer. TLSv1.1/TLSv1.2, by contrast, need only one tls1_enc.


The way to reproduce it is quite simple:

1. Some preparation:
   openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
2. Start the server:
   openssl s_server -key key.pem -cert cert.pem -accept 44330 -www
   It's better to start the server under gdb, set a breakpoint at tls1_enc,
   then continue running.
3. openssl s_client -connect localhost:44330 -tls1 -debug

After the client is started, the server side will stop at the breakpoint; do
several "c" to make it continue running and wait for the client's messages.
Then, at the client side, type a simple "hello" message and press Enter. The
server side will stop at tls1_enc; the input data is the same as the encrypted
data from the client side, but after EVP_Cipher and some padding removal, the
decrypted data length is 0. After another tls1_enc, the decrypted data "hello"
is put in the result buffer.

But if the client uses -tls11 or -tls12, the decrypted "hello" is put in the
result buffer after the first tls1_enc.

Could anyone explain why the behavior of decryption is different between
TLSv1 and TLSv1.1/TLSv1.2?

Thanks.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

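Added example (editor's note, not part of the original mail and not OpenSSL's code): the observation above matches OpenSSL's documented CBC countermeasure for SSLv3/TLS 1.0. Those versions chain the CBC IV from the previous record, so OpenSSL sends an empty application-data record in front of each real one unless the application sets SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (see SSL_CTX_set_options(3)); the server's first tls1_enc decrypts that empty record to zero bytes, the second decrypts "hello". TLS 1.1 and later carry an explicit per-record IV, so no empty fragment is sent and one tls1_enc call suffices. A quick check without gdb is to add -msg to the s_client command line, which prints every record header the client writes. The Python below splits a record-layer byte stream into records, encodes OpenSSL's records-per-write rule, and shows that the record header alone cannot distinguish the empty fragment from a short message of the same padded length. The captures are constructed filler with realistic lengths for AES-128-CBC-SHA; the function names and the 20-byte MAC / 16-byte block assumptions are mine.

```python
"""
Split a TLS record-layer byte stream into records and relate the record count
to OpenSSL's SSLv3/TLS 1.0 empty-fragment countermeasure.  Added example; the
byte streams are CONSTRUCTED (filler ciphertext, only headers and lengths are
meaningful).  Nothing here decrypts anything.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

APPLICATION_DATA = 0x17
TLS1_VERSION, TLS1_1_VERSION = 0x0301, 0x0302


@dataclass
class Record:
    content_type: int
    version: int
    body: bytes  # still encrypted


def parse_records(stream: bytes) -> List[Record]:
    """Walk the 5-byte record headers (type, version, length); reject truncated
    or oversized records instead of reading past the buffer."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        if length > 2 ** 14 + 2048:  # TLSCiphertext.length maximum
            raise ValueError(f"record length {length} exceeds TLS maximum")
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {off}")
        records.append(Record(ctype, version, body))
        off += 5 + length
    return records


def make_record(ctype: int, version: int, body: bytes) -> bytes:
    return struct.pack("!BHH", ctype, version, len(body)) + body


def expected_records_per_write(version: int, cbc_cipher: bool,
                               dont_insert_empty_fragments: bool = False) -> int:
    """Records OpenSSL emits for one application-data write: SSLv3/TLS 1.0 with
    a CBC cipher get an empty record first unless the application set
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS."""
    if version <= TLS1_VERSION and cbc_cipher and not dont_insert_empty_fragments:
        return 2
    return 1


def cbc_ciphertext_len(plaintext_len: int, mac_len: int, block: int,
                       explicit_iv: bool) -> int:
    """Body length of a CBC record: plaintext + MAC + 1..block padding bytes
    (the last one is the padding length), plus an IV block for TLS 1.1+."""
    padded = (plaintext_len + mac_len + 1 + block - 1) // block * block
    return padded + (block if explicit_iv else 0)


def plaintext_len_range(record: Record, mac_len: int = 20,
                        block: int = 16) -> Tuple[int, int]:
    """Plaintext lengths a CBC record body could hold (assumed HMAC-SHA1 and
    16-byte blocks): an empty fragment and a 5-byte "hello" pad to the same
    size, so only decryption tells them apart."""
    explicit_iv = record.version >= TLS1_1_VERSION
    payload = len(record.body) - (block if explicit_iv else 0) - mac_len
    return max(0, payload - block), payload - 1


# Constructed captures of one client write of "hello" (filler bytes).
TLS10_HELLO_CAPTURE = (
    make_record(APPLICATION_DATA, TLS1_VERSION, b"\x00" * cbc_ciphertext_len(0, 20, 16, False))
    + make_record(APPLICATION_DATA, TLS1_VERSION, b"\x01" * cbc_ciphertext_len(5, 20, 16, False)))
TLS11_HELLO_CAPTURE = make_record(APPLICATION_DATA, TLS1_1_VERSION,
                                  b"\x02" * cbc_ciphertext_len(5, 20, 16, True))


def summarize(stream: bytes) -> List[str]:
    lines = []
    for i, r in enumerate(parse_records(stream)):
        lo, hi = plaintext_len_range(r)
        lines.append(f"record {i}: type 0x{r.content_type:02x} version 0x{r.version:04x} "
                     f"ciphertext {len(r.body)} bytes, plaintext {lo}..{hi} bytes")
    return lines


if __name__ == "__main__":
    for name, cap in (("TLS 1.0", TLS10_HELLO_CAPTURE), ("TLS 1.1", TLS11_HELLO_CAPTURE)):
        recs = parse_records(cap)
        print(f"{name}: {len(recs)} record(s) for one write; OpenSSL default expects "
              f"{expected_records_per_write(recs[0].version, cbc_cipher=True)}")
        print("\n".join(summarize(cap)))
```

Each call to tls1_enc on the server handles exactly one of these records, which is why the TLS 1.0 trace takes two calls: the first yields a zero-length plaintext, the second yields "hello".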