Hello dragos, Thanks for the input. The MAC generation mentioned below works alright for MAC generation of Client/server hanshake finished messages. However for the MAC generation for the TLS app data this is not working. Any pointers on what could be wrong? Regards, Avinash
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dragos liciu Sent: Thursday, September 16, 2004 12:07 AM To: [EMAIL PROTECTED] Subject: Re: TLS application data MAC Hi Avinash, The paragraph you mentioned is little bit vague, better look at 6.2.3.1 from the same RFC; below is a fragment from 6.2.3.1 paragraph: .................. The MAC is generated as: HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length + TLSCompressed.fragment)); where "+" denotes concatenation. ..................... The "two fixed character strings" are 'type' and 'version'; I implemented it (in C++) just as specified above and it works. Dragos. __________________________________ Do you Yahoo!? Y! Messenger - Communicate in real time. Download now. http://messenger.yahoo.com <http://messenger.yahoo.com> ______________________________________________________________________ OpenSSL Project http://www.openssl.org <http://www.openssl.org> User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]