Dear , the data is client receive application data containing the 24 bytes and the 32 bytes from server.
0000 00 50 c2 0f 5f fe 00 15 58 18 1a 53 08 00 45 00 .P.._... X..S..E. 0010 00 6a 5d 93 40 00 80 06 08 7b c0 0a 0a 68 c0 0a [EMAIL PROTECTED] .{...h.. 0020 0a 03 01 bb c3 8a e7 47 92 f4 08 90 2e 10 50 18 .......G ......P. 0030 42 9f 4b d6 00 00 17 03 00 00 18 31 a5 69 cf fe B.K..... ...1.i.. 0040 53 df 08 4e f6 9b 40 b7 72 0d e8 cf 33 50 18 29 [EMAIL PROTECTED] r...3P.) 0050 5a 64 30 17 03 00 00 20 38 f1 93 21 70 b8 08 c9 Zd0.... 8..!p... 0060 ed 47 09 d8 bd 83 05 80 6d 1e 7e b5 c6 ae 69 9c .G...... m.~...i. 0070 3d 9d 77 4b fb 55 de 4d =.wK.U.M the below data is in server opening the -msg option. $ openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem -cip her DES-CBC3-SHA -msg Loading 'screen' into random state - done Using default temp DH parameters Using default temp ECDH parameters ACCEPT bad gethostbyaddr <<< SSL 3.0 Handshake [length 0053], ClientHello 01 00 00 4f 03 00 25 72 dd f8 9f 09 2e fc f1 b5 f7 4b 2a 38 56 5e a0 53 4c 26 af e8 ba 74 17 f0 73 fa 36 14 47 c4 20 98 33 8e 43 8a e9 27 23 29 8f ea 2b 37 5a 61 40 49 6d a2 07 fd 24 45 99 5b 3b 66 30 e0 e2 11 d5 00 08 00 04 00 05 00 0a 00 02 01 00 >>> SSL 3.0 Handshake [length 004a], ServerHello 02 00 00 46 03 00 48 87 02 33 6d 20 3f 1c 83 37 41 1a f0 93 54 94 c5 31 24 5e 33 fe 33 95 3d 7f 95 08 75 49 3b 8b 20 9d 65 6f 41 bc 05 7f 91 ab f7 4e 0b d2 b9 f4 58 91 08 85 e9 a4 7a a6 22 5e 4e f5 7d 15 45 11 09 00 0a 00 >>> SSL 3.0 Handshake [length 03a6], Certificate 0b 00 03 a2 00 03 9f 00 03 9c 30 82 03 98 30 82 02 80 02 09 00 fa 0d e9 7d e3 c8 ef 90 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 63 6e 31 12 30 10 06 03 55 04 08 13 09 67 75 61 6e 67 64 6f 6e 67 31 11 30 0f 06 03 55 04 07 13 08 73 68 65 6e 7a 68 65 6e 31 14 30 12 06 03 55 04 0a 13 0b 73 70 65 63 74 72 61 74 65 63 68 31 0b 30 09 06 03 55 04 0b 13 02 43 44 31 0c 30 0a 06 03 55 04 03 13 03 71 7a 66 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 73 7a 5f 71 75 7a 66 40 73 70 65 63 74 72 61 74 65 63 68 2e 63 6f 6d 30 1e 17 0d 30 38 30 36 31 31 30 31 30 39 30 39 5a 17 0d 31 33 30 36 31 30 30 31 30 39 30 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 63 6e 31 12 30 10 06 03 55 04 08 13 09 67 75 61 6e 67 64 6f 6e 67 31 11 30 0f 06 03 55 04 07 13 08 73 68 65 6e 7a 68 65 6e 31 14 30 12 06 03 55 04 0a 13 0b 73 70 65 63 74 72 61 74 65 63 68 31 0b 30 09 06 03 55 04 0b 13 02 43 44 31 0c 30 0a 06 03 55 04 03 13 03 71 7a 66 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 73 7a 5f 71 75 7a 66 40 73 70 65 63 74 72 61 74 65 63 68 2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c9 60 b9 29 d3 4b 14 6b d9 ed 95 43 a5 4b 4b 89 aa de ea 62 ac ae 9a b4 24 ab 71 c1 fb 09 9b 92 cb f8 06 34 c7 96 b4 b8 72 66 5b 4a dc cb 7f e4 cb 13 64 7a 4e cf 98 d7 f9 91 2f de e0 36 aa fa 2a 39 ac 6d 86 ea e2 4d cf 6f b0 da c1 59 78 cd e8 57 4e 14 29 f5 51 14 a7 cc e7 da 74 ff 4d b5 73 dc 58 84 21 d1 d9 f4 6f 75 1d f6 a2 2c bc 62 93 1f 90 97 93 25 a0 e7 f2 40 33 66 9f d3 4b 25 2f 4c 94 fd 65 6b 42 a8 d5 a1 72 42 0e 8e 5b c7 85 0a 39 d5 6d 56 27 a2 e9 a5 26 84 c5 c8 ce a7 31 51 78 de 6f fd 80 66 a8 bb a4 86 af 36 b9 ef 22 3a 4b a4 8d 27 b3 63 5a ff 0b 12 13 bd e4 d3 29 83 50 78 6b 59 37 2d 29 8d bd fa f3 d1 77 64 db 79 b6 b1 20 a7 92 a2 5f 88 fb b7 b2 7d 59 f7 63 b1 79 1c 1c 0e 97 ba ff 96 72 ff 03 b3 40 2b dd 9f dd f6 e4 b1 57 be dc d2 d0 7c aa 99 a3 e9 02 03 01 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 80 1b 5a d6 77 0c d2 17 ce d1 9b 58 d8 60 32 0c 88 a0 9e 0a 4e e5 a2 60 0e 88 65 03 5c 5e f5 3c 35 49 c0 c6 b2 9d a2 b4 d8 9b 43 b3 2b db e2 60 58 04 fc 3f d3 ad 2b 70 57 92 85 96 d8 c9 4a fa 45 05 2c fc a3 76 ff f3 25 c8 80 4c a7 64 10 7e 8e 4a 21 a6 7c a0 27 a3 4e 48 aa 01 44 b7 fa 28 7b 81 07 be 2a c0 bc 88 46 b3 d6 99 30 e8 ba fe 02 4e e6 e4 c2 e4 6e 8c 12 57 4d 43 f2 0f 87 50 33 69 66 98 fd a4 f7 73 94 e4 8b c5 11 5c 9c 19 17 29 b3 69 bb 68 47 df 22 f6 8e 23 f5 cd 6a 0f 4d 1a 46 37 ee ed f3 f9 3a eb c2 34 8e 5d a5 ea be ce b7 3d fa 3a 40 44 0b 43 f3 80 4d f1 a1 84 d7 33 65 cf c3 33 a2 22 8a fe ec 3b 62 78 a1 7c fe 2e 60 69 d9 bb 4e 98 d9 36 2c 20 7b 6d 39 3e 24 21 b9 d0 8a 29 71 3e 45 2d ea ec 6d 57 0c 44 e3 bd 62 74 31 42 4a 08 33 27 f4 90 ea 52 08 04 >>> SSL 3.0 Handshake [length 0004], ServerHelloDone 0e 00 00 00 <<< SSL 3.0 Handshake [length 0104], ClientKeyExchange 10 00 01 00 62 d4 30 b5 3b 83 79 a4 0d 3d ee eb a0 fc 3c 5d 11 a8 d7 cc 92 97 60 1a 83 c2 b3 16 f2 4c 55 36 8d b3 75 60 47 08 cb 5e 17 6b 3c cf f4 99 bf 49 91 ba 8c ea 9d d5 54 d9 47 6a d0 56 db 9e 64 c1 b9 13 ea d8 21 3a a1 30 dd 06 74 da 67 b7 70 96 e4 be d7 00 f5 09 34 05 52 7f b4 dd 08 c7 4c a5 80 06 45 33 f4 7a aa 47 02 6e 6f 1d be be 84 26 71 84 52 88 e4 d8 09 de f8 a9 c9 73 5e 45 76 40 ea 75 45 85 70 fe 67 29 e5 e9 47 10 87 a4 8d fa e0 7f 13 be 97 74 b4 86 bb a4 2a ea 87 04 ea 97 b6 ed ce f6 2b 10 21 a9 2f 8d 26 81 46 9f a8 b9 20 78 60 d7 6f 3e 9f 54 e5 3d c6 e5 8d df c8 cc 42 ed 69 0f 56 11 f1 8c 2e d3 bb 0c 74 30 25 8a 7a 0d 32 f4 53 21 fa 23 3f 96 23 e9 cb f4 83 9e 51 a9 4a 8a 1a c3 3a ad 11 8b 4c 13 63 43 54 30 f9 f6 8e cc dc df 66 dd 1f 38 e4 70 d8 1c 4d 90 <<< SSL 3.0 ChangeCipherSpec [length 0001] 01 <<< SSL 3.0 Handshake [length 0028], Finished 14 00 00 24 83 1c f4 7e d0 0f c8 f5 4a 96 00 62 52 07 d1 58 f6 c0 62 d4 26 e0 3f 95 58 f6 2f 89 2e 99 5d 42 24 ac 7e b0 >>> SSL 3.0 ChangeCipherSpec [length 0001] 01 >>> SSL 3.0 Handshake [length 0028], Finished 14 00 00 24 00 37 db f3 f9 3a 39 97 57 0f c7 2e 09 9b 35 eb ce 05 8c e6 1f a1 75 29 25 a7 70 66 a2 6e e9 7a ca ad b4 46 -----BEGIN SSL SESSION PARAMETERS----- MHUCAQECAgMABAIACgQgnWVvQbwFf5Gr904L0rn0WJEIhemkeqYiXk71fRVFEQkE ML378r+okGbVD4yf09cY80+DHauG3lietdTufBfSwIhXzfr3Z65yXHkIhzqNLiaS eaEGAgRIhwIzogQCAgEspAYEBAEAAAA= -----END SSL SESSION PARAMETERS----- Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA CIPHER is DES-CBC3-SHA 23456789aaaaaaaaaa 23456789 23456789 is message the server received in. and the aaaaaaaaaa is message the server send out. what problem is it. please help me, I am a new member, I don't really understand I should be how to go on. I am halt here. abc_123_ok 2008-07-23 发件人: Alan Wolfe 发送时间: 2008-07-23 11:04:35 收件人: openssl-users@openssl.org 抄送: 主题: Re: hello everyone just in case it helps debugging, when you said the first 8 bytes are wrong, instead of trying a pattern like "1111111" to send over you might try something like "12345..." so that way you can tell WHERE your data is getting messed up - ie that could show that not only is the first 8 bytes wrong, but your data begins at byte 9, which could point to a padding issue or something like that. my 2 cents in case it helps debugging (: On Tue, Jul 22, 2008 at 7:06 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: Does the client receive the data properly? Does the server receive the data properly? You may have padding going on, you may have an initialization vector being preset, you may have a whole bunch of things going on under the hood. As long as both the client and the server agree on what's going on and what to interpret data as, there's no problems. There have been some obfuscations made to help prevent CBC attacks, as well (please see the TLS v1.0 and TLS v1.1 RFCs for references on what the attacks are and why these obfuscations are necessary to defeat them). -Kyle H 2008/7/22 abc_123_ok <[EMAIL PROTECTED]>: > Dear All, > > I use openssl as a server to test SSL client of our comany. the SSL client > is a part of embedded system。 > I used command as blow in Cygwin. > > > openssl s_server -accept 443 -cert testserver.pem -CAfile spectra_ca.pem > -cipher DES-CBC3-SHA > > Loading 'screen' into random state - done > Using default temp DH parameters > Using default temp ECDH parameters > ACCEPT > > bad gethostbyaddr > -----BEGIN SSL SESSION PARAMETERS----- > MHUCAQECAgMABAIACgQg7anPBHTC6jqWwBj/K5J8N4aJtFvBvvo/Cc/8IadX57gE > MPFpEU9fWppV85v9f4oGy5Q7eVAXqb4QGfbQ3CaHlbw9/laI6yDDWncvGJxHAo9U > oqEGAgRIhahuogQCAgEspAYEBAEAAAA= > -----END SSL SESSION PARAMETERS----- > Shared ciphers:RC4-MD5:RC4-SHA:DES-CBC3-SHA:NULL-SHA > CIPHER is DES-CBC3-SHA > 11111111 > > I send "1111111111" to client from server. > but I find a problem from capture software. > > I see two application data sent to the client. > the first , it is 24 bytes. the second, it is 32 bytes. I decrypted these > data , I find the , the first 8 bytes is wrong in 32 bytes. > > I don't understand why it have a 24 bytes application. the other, why the > first 8 bytes > is wrong in 32 bytes? > > who can help me? > > thanks a lot. > best regards. > > ________________________________ > abc_123_ok > 2008-07-22