Hello,
> I have been using wireshark(0.99.3) to analyse ssl data flows to try to
> track down an issue where our SSL server(0.9.7d based) somehow gets
> corrupted and degrades over a period of time to the point where all ssl
> handshakes result in fatal alerts of "bad record mac". When analysing a
> capture taken before the corruption occurs using wireshark it tells me there
> are a few malformed packets. One such example is:
> data Packet 1 from client:
> Secure Socket Layer
> SSLv3 Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: SSL 3.0 (0x0300)
> Length: 97
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Length: 93
> Version: SSL 3.0 (0x0300)
> Random.gmt_unix_time: Oct 17, 2006 14:11:14.000000000
> Random.bytes
> Session ID Length: 32
> Session ID (32 bytes)
> Cipher Suites Length: 22
> Cipher Suites (11 suites)
> Compression Methods Length: 1
> Compression Methods (1 method)
> Compression Method: null (0)
>
> data packet 2, from server:
> Secure Socket Layer
> SSLv3 Record Layer: Handshake Protocol: Server Hello
> Content Type: Handshake (22)
> Version: SSL 3.0 (0x0300)
> Length: 74
> Handshake Protocol: Server Hello
> Handshake Type: Server Hello (2)
> Length: 70
> Version: SSL 3.0 (0x0300)
> Random.gmt_unix_time: Oct 17, 2006 14:10:16.000000000
> Random.bytes
> Session ID Length: 32
> Session ID (32 bytes)
> Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
> Compression Method: null (0)
> SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
> Content Type: Change Cipher Spec (20)
> Version: SSL 3.0 (0x0300)
> Length: 1
> Change Cipher Spec Message
> SSLv3 Record Layer: Handshake Protocol: Encrypted Handshake Message
> Content Type: Handshake (22)
> Version: SSL 3.0 (0x0300)
> Length: 56
> Handshake Protocol: Encrypted Handshake Message:
>
> data packet 3 from client (malformed):
> Secure Socket Layer
> SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
> Content Type: Change Cipher Spec (20)
> Version: SSL 3.0 (0x0300)
> Length: 1
> Change Cipher Spec Message
> SSLv3 Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: SSL 3.0 (0x0300)
> Length: 56
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Length: 4022620
> Version: Unknown (0xae45)
> Random.gmt_unix_time: Not representable
> Random.bytes
> Session ID Length: 186
In this dump we have situation where client tries to reuse
already negotiated session.
SSL packet flow should be:
CLIENT SERVER
ClientHello ->
<- ServerHello
<- ChangeCipherSpec
<- Finished (encrypted)
ChangeCipherSpec ->
Finished (encrypted) ->
but client after ChangeCipherSpec sends really malformed
(and out of order) ClientHello.
Length of any SSL handshake packet should be not bigger than
2^14 and session length should be 0-32 bytes.
My proposition is first to disable session caching, for example:
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
and then look if it helps.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
