Hello,
> 
> But what can be the reason for bad key? Can it be that the
> client encrypted with a different session key and the server is
> decrypting with another session's key?
This may happen, for example, when the memory regions which hold
these keys are damaged ...
 
> Mostly we are seeing this fault when fresh negotiation happens.
This may happen when there are some implementation-dependent
incompatibilities. For example, in TLS1 padding may be up to 255
bytes, in SSL3 padding should be up to cipher block size.
OpenSSL in SSL3 and TLS1 mode sends padding which is not bigger
than cipher block size, but GnuTLS almost always sends in TLS1
padding which is much bigger than cipher block size.
If an SSL implementation is not prepared to service such padding
then you may get a padding error message.
But there may be many more situations when you can get this error too.
I suggest adding
        SSL_CTX_set_options(ctx, SSL_OP_ALL);
to your client to work around most of them.

Next you may try to connect to server with:
        openssl s_client -connect host:port -msg -debug -state
and check what will happen.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
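
The SSL3 versus TLS1 padding difference described in the reply above, as an added example (not part of the original message, and not OpenSSL or GnuTLS code): two simplified padding checks run over constructed records with a 16-byte block size. The function names and the sample records are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Both checks take a decrypted CBC record laid out as
 *   data | padding bytes | padding_length (1 byte)
 * and return the data length, or -1 for a padding error.
 * Illustration of the length rules only: not constant-time. */

/* SSL3-style rule: padding plus its length byte must fit in one block. */
long strip_padding_ssl3(const unsigned char *rec, size_t len, size_t bs)
{
    if (len == 0 || len % bs != 0) return -1;
    size_t total = (size_t)rec[len - 1] + 1;  /* padding + length byte */
    if (total > bs || total > len) return -1; /* longer than one block: reject */
    return (long)(len - total);
}

/* TLS1 rule: up to 255 padding bytes, each equal to padding_length. */
long strip_padding_tls1(const unsigned char *rec, size_t len, size_t bs)
{
    if (len == 0 || len % bs != 0) return -1;
    unsigned char pad = rec[len - 1];
    size_t total = (size_t)pad + 1;
    if (total > len) return -1;
    for (size_t i = len - total; i < len; i++)
        if (rec[i] != pad) return -1;         /* every padding byte must match */
    return (long)(len - total);
}

/* Constructed sample: data_len bytes of 'A', then TLS1-style padding. */
size_t build_record(unsigned char *out, size_t data_len, unsigned char pad)
{
    memset(out, 'A', data_len);
    memset(out + data_len, pad, (size_t)pad + 1);
    return data_len + (size_t)pad + 1;
}

int main(void)
{
    unsigned char rec[64];
    size_t n;

    n = build_record(rec, 20, 11);            /* minimal padding: 32 bytes */
    printf("minimal: ssl3=%ld tls1=%ld\n",
           strip_padding_ssl3(rec, n, 16), strip_padding_tls1(rec, n, 16));

    n = build_record(rec, 20, 43);            /* multi-block padding: 64 bytes */
    printf("long:    ssl3=%ld tls1=%ld\n",
           strip_padding_ssl3(rec, n, 16), strip_padding_tls1(rec, n, 16));
    return 0;
}
```

A peer that applies the one-block rule to a TLS1 record reports a padding error on the second record even though the keys and the data are correct.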
