Hello,

> But what can be the reason for bad key. Can it be that
> client encrypted with a different session key and the server is
> decrypting with another session's key.

This may happen, for example, when the memory regions which hold these keys are damaged ...

> Mostly we are seeing this fault when fresh negotiation happens.

This may happen when there are some implementation-dependent incompatibilities. For example, in TLS1 padding may be up to 255 bytes; in SSL3 padding should be up to cipher block size. OpenSSL in SSL3 and TLS1 mode sends padding which is not bigger than cipher block size, but GnuTLS almost always sends in TLS1 padding which is much bigger than cipher block size. If an SSL implementation is not prepared to service such padding then you may get a padding error message. But there may be many more situations when you can get this error too.

I suggest adding SSL_CTX_set_options(ctx,SSL_OP_ALL) to your client to work around most of them.
Next you may try to connect to the server with:

    openssl s_client -connect host:port -msg -debug -state

and check what will happen.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
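The padding incompatibility described in the message above, as an added example that is not part of the original message and is not OpenSSL or GnuTLS code. The function names, the record layout helper and the sample record are constructed for illustration, and the SSL3 limit is modelled as the message states it (padding no larger than one cipher block).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum pad_rule { PAD_SSL3, PAD_TLS1 };

/* Check the padding of a decrypted CBC record laid out as
 * data || padding bytes || pad_len byte. Returns the data length, or -1
 * if the padding is rejected. Not constant-time: shows the length rules only. */
long check_cbc_padding(const unsigned char *rec, size_t len,
                       size_t block_size, enum pad_rule rule)
{
    if (block_size == 0 || len == 0 || len % block_size != 0)
        return -1;
    size_t pad_len = rec[len - 1];
    size_t total = pad_len + 1;            /* padding plus its length byte */
    if (total > len)
        return -1;
    if (rule == PAD_SSL3) {
        if (total > block_size)            /* SSL3-style: at most one block */
            return -1;
    } else {
        for (size_t i = len - total; i < len; i++)
            if (rec[i] != pad_len)         /* TLS1: every byte equals pad_len */
                return -1;
    }
    return (long)(len - total);
}

/* Constructed sample: data_len bytes of 'A' padded TLS1-style, with
 * extra_blocks whole blocks of padding beyond the minimum. */
size_t build_record(unsigned char *out, size_t data_len,
                    size_t block_size, size_t extra_blocks)
{
    size_t total = block_size - data_len % block_size + extra_blocks * block_size;
    memset(out, 'A', data_len);
    memset(out + data_len, (int)(total - 1), total);
    return data_len + total;
}

int main(void)
{
    unsigned char rec[512];
    size_t n = build_record(rec, 20, 16, 2);   /* 44 bytes of padding */
    printf("TLS1 rule: %ld\n", check_cbc_padding(rec, n, 16, PAD_TLS1));
    printf("SSL3 rule: %ld\n", check_cbc_padding(rec, n, 16, PAD_SSL3));
    return 0;
}
```

A receiver that applies the one-block limit to a TLS1 record rejects the long padding even though the record is valid, which surfaces as the padding or decryption error discussed in the thread.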