[Pkg-gnutls-maint] Re: Possible bug in GnuTLS AES/SHA1
Marc Haber
mh+pkg-gnutls-maint at zugschlus.de
Thu Jan 11 10:48:28 CET 2007
On Tue, Jan 09, 2007 at 08:50:04AM +0100, Simon Josefsson wrote:
> James Westby <jw+debian at jameswestby.net> writes:
> > Apologies for posting again so quickly, but I remembered something else
> > that I wanted to mention in the mail.
> >
> > When opening the tcpdumps in wireshark there is a breakdown of the
> > handshake. Wireshark interprets it like this (without the version
> > negotiation patch applied):
> >
> > Server Client
> >
> > Hello (SSL3.0 and TLS1.0) no compression
> > 13 cipher suites
> > 0x0035 0x002f 0x000a 0x0016 0x0013 0x0005 0x0004
> > 0x0009 0x0012 0x0008 0x0003 0x0011 0x0014
> >
> > Hello (TLS1.0) no compression
> > 0x002f TLS_RSA_WITH_AES_128_CBC_SHA
> >
> > Certificate, Certificate request, Hello done
> >
> > Certificate (none)
> >
> > Client key exchange, Change cipher spec,
> > Encrypted handshake
> >
> > Change cipher spec
> >
> > Encrypted handshake
> >
> > Encrypted alert (Bad record MAC).
> >
> >
> >
> > Which reads reasonable to me.
>
> Me too... you might want to compare that with an OpenSSL server
> configured for similar settings.

I have such a trace available to send in private mail to anyone who
asks.

> > As for debugging the actual data on the wire I'm not sure of the best
> > approach for doing this.
>
> Using wireshark and comparing between two sessions, one that works and
> one that doesn't, and looking for differences, is the only way I can think
> of... there are some TLS dump tools around, but none as versatile as
> wireshark + RFC + pen&paper.

I cannot do this in much detail for lack of time and TLS knowledge.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
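
An added example, not part of the original message: a small parser for a TLS ClientHello record, so that the fields of a working and a failing capture can be compared programmatically as well as by eye. The sample bytes are constructed from the 13 cipher suite IDs quoted above; the function names and the record/hello version values are assumptions.

```python
import struct

# Cipher suite IDs from the quoted Wireshark summary of the client's Hello.
OFFERED = [0x0035, 0x002f, 0x000a, 0x0016, 0x0013, 0x0005, 0x0004,
           0x0009, 0x0012, 0x0008, 0x0003, 0x0011, 0x0014]

def build_client_hello(suites, record_ver=0x0300, hello_ver=0x0301):
    """Build constructed sample bytes (not taken from the real capture)."""
    body = struct.pack("!H", hello_ver) + bytes(32)       # version + random
    body += b"\x00"                                        # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                    # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # type 1 = ClientHello
    return struct.pack("!BHH", 22, record_ver, len(hs)) + hs

def parse_client_hello(data):
    """Return the fields worth comparing; raise ValueError on malformed input."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, record_ver, rlen = struct.unpack("!BHH", data[:5])
    rec = data[5:5 + rlen]
    if ctype != 22 or len(rec) != rlen or rlen < 4 or rec[0] != 1:
        raise ValueError("not a complete ClientHello record")
    hlen = int.from_bytes(rec[1:4], "big")
    body = rec[4:4 + hlen]
    if len(body) != hlen or hlen < 35:
        raise ValueError("truncated ClientHello body")
    pos = 35 + body[34]                        # version, random, session id
    if pos + 2 > hlen:
        raise ValueError("session id overruns body")
    slen = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if slen % 2 or pos + slen + 1 > hlen:
        raise ValueError("bad cipher suite list length")
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos, pos + slen, 2)]
    pos += slen
    comp = list(body[pos + 1:pos + 1 + body[pos]])
    if len(comp) != body[pos]:
        raise ValueError("compression list overruns body")
    return {"record_version": record_ver,
            "hello_version": int.from_bytes(body[:2], "big"),
            "cipher_suites": suites, "compression": comp}

def diff_hellos(a, b):
    """Map each differing field to its (a, b) values."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```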