On Fri, Apr 21, 2000 at 06:37:41PM -0400, Andrei Vvedenski wrote:
> What is the difference between
> SSLv2_client_method()
> and
> SSLv23_client_method() with
> SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3 options
>
> I assumed these should be the same, but
> SSLv2_client_method() works fine and
> SSLv23_client_method() returns with error
> "bad mac decode @ SSLv2 read server verify A"
Both should work equally well, but ...
> Site: https://custos.earthlink.net
... connecting to this site fails with SSLv23_client_method() with the
above options -- it seems that for some reason incorrect keys is used
for decryption (and, possibly, for MACs). I assume that the error is
in OpenSSL because I don't see how a server bug
(Netscape-Enterprise/3.5.1I) could be triggered by s23_clnt.c as the
handshake looks as in the SSLv2_client_method() case. The problem
could be in ssl2_enc_init() or in any functions that generate or fail
to generate something that ssl2_enc_init() and, especially,
ssl2_generate_key_material() depend on -- debugging stuff that
involves pseudo-random functions is usually complicated because you
have to trace back everything. I haven't yet managed to find the
problem in OpenSSL. (I also haven't verified whether the server really
follows the protocol -- this is even more difficult to debug because
you cannot tell what its MAC and encryption keys look like, you only
can see that they probably aren't the ones that the OpenSSL client
thinks they should be.)
s_client command lines for testing (the first one fails, the second
one succeeds):
openssl s_client -connect custos.earthlink.net:443 -no_ssl3 -no_tls1 -state -debug
-cipher DES-CBC3-MD5
openssl s_client -connect custos.earthlink.net:443 -no_ssl3 -no_tls1 -state -debug
-cipher DES-CBC3-MD5 -ssl2
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
