[stunnel-users] SSL_read: 1408F455: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac problem
Maddalena.Pulcini at seleniacomms.com
Tue Mar 15 12:38:46 CET 2005
Hi, could someone help me?
I am using stunnel (4.07) as an SSL client to telnet to my router, which runs an SSL server (openssl 0.9.7d).
Stunnel is configured in this way:
==========================
client = yes
debug=7
cert=clcert.pem
[telnet]
accept = 23
connect = 10.36.3.144:4433
==========================
My router's configuration is:
==========================
-Verify 4
-cert cert.pem
==========================
The exchange of packets:
==========================
client sends=======> Client Hello
server sends======> Server Hello, Certificate, Certificate Request, Server Hello Done
client sends======> Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
server sends=====> Change Cipher Spec, Encrypted Handshake Message and then Application Data.
After the server has sent a number of Application Data messages, the client sends an Encrypted Alert and closes the connection.
With debug enabled on the stunnel client I can see:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2005.03.15 11:13:44 LOG5[2040:3964]: stunnel 4.07 on x86-pc-mingw32-gnu WIN32+IPv6 with OpenSSL 0.9.8-dev XX xxx XXXX
2005.03.15 11:13:44 LOG7[2040:2376]: Snagged 64 random bytes from C:/.rnd
2005.03.15 11:13:44 LOG7[2040:2376]: Wrote 1024 new random bytes to C:/.rnd
2005.03.15 11:13:44 LOG7[2040:2376]: RAND_status claims sufficient entropy for the PRNG
2005.03.15 11:13:44 LOG6[2040:2376]: PRNG seeded successfully
2005.03.15 11:13:44 LOG7[2040:2376]: Certificate: clcert.pem
2005.03.15 11:13:44 LOG7[2040:2376]: Key file: clcert.pem
2005.03.15 11:13:44 LOG5[2040:2376]: No limit detected for the number of clients
2005.03.15 11:13:44 LOG7[2040:2376]: FD 188 in non-blocking mode
2005.03.15 11:13:44 LOG7[2040:2376]: SO_REUSEADDR option set on accept socket
2005.03.15 11:13:44 LOG7[2040:2376]: telnet bound to 0.0.0.0:23
2005.03.15 11:13:54 LOG7[2040:2376]: telnet accepted FD=192 from 127.0.0.1:1589
2005.03.15 11:13:54 LOG7[2040:2376]: FD 192 in non-blocking mode
2005.03.15 11:13:54 LOG7[2040:2376]: Creating a new thread
2005.03.15 11:13:54 LOG7[2040:2376]: New thread created
2005.03.15 11:13:54 LOG7[2040:3588]: telnet started
2005.03.15 11:13:54 LOG5[2040:3588]: telnet connected from 127.0.0.1:1589
2005.03.15 11:13:54 LOG7[2040:3588]: FD 224 in non-blocking mode
2005.03.15 11:13:54 LOG7[2040:3588]: telnet connecting 10.36.3.144:4433
2005.03.15 11:13:54 LOG7[2040:3588]: connect_wait: waiting 10 seconds
2005.03.15 11:13:54 LOG7[2040:3588]: connect_wait: connected
2005.03.15 11:13:54 LOG7[2040:3588]: Remote FD=224 initialized
2005.03.15 11:13:54 LOG7[2040:3588]: SSL state (connect): before/connect initialization
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write client hello A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 read server hello A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 read server certificate A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 read server certificate request A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 read server done A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write client certificate A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write client key exchange A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write certificate verify A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write change cipher spec A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 write finished A
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 flush data
2005.03.15 11:14:26 LOG7[2040:3588]: SSL state (connect): SSLv3 read finished A
2005.03.15 11:14:26 LOG7[2040:3588]: 1 items in the session cache
2005.03.15 11:14:26 LOG7[2040:3588]: 1 client connects (SSL_connect())
2005.03.15 11:14:26 LOG7[2040:3588]: 1 client connects that finished
2005.03.15 11:14:26 LOG7[2040:3588]: 0 client renegotiatations requested
2005.03.15 11:14:26 LOG7[2040:3588]: 0 server connects (SSL_accept())
2005.03.15 11:14:26 LOG7[2040:3588]: 0 server connects that finished
2005.03.15 11:14:26 LOG7[2040:3588]: 0 server renegotiatiations requested
2005.03.15 11:14:26 LOG7[2040:3588]: 0 session cache hits
2005.03.15 11:14:26 LOG7[2040:3588]: 0 session cache misses
2005.03.15 11:14:26 LOG7[2040:3588]: 0 session cache timeouts
2005.03.15 11:14:26 LOG6[2040:3588]: SSL connected: new session negotiated
2005.03.15 11:14:26 LOG6[2040:3588]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.03.15 11:14:41 LOG7[2040:3588]: SSL alert (write): fatal: bad record mac
2005.03.15 11:14:41 LOG3[2040:3588]: SSL_read: 1408F455: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
2005.03.15 11:14:41 LOG5[2040:3588]: Connection reset: 17 bytes sent to SSL, 190 bytes sent to socket
2005.03.15 11:14:41 LOG7[2040:3588]: telnet finished (0 left)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This client is now running with an updated library: libeay32.dll, obtained by compiling openssl-SNAP-20050304, which seemed to be the solution to the
problem (I deduced that after searching on the Internet).
Not having a solution to the problem, I know that my conclusion is not right. So if someone knows how to proceed, please help me.
Thanks & Regards
Maddalena Pulcini
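
Added example, not part of the original post: a Python triage pass over stunnel debug output like the log above, reporting per connection thread the negotiated cipher, any alerts, the first OpenSSL error and how long after the handshake it occurred. The sample lines are copied from the log in the post; the function names `triage` and `unpack_error` are introduced here, and the error code is split using the packed layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason).

```python
import re
from datetime import datetime

# Excerpt of the stunnel debug log from the post above (lines copied, not all shown).
SAMPLE_LOG = """\
2005.03.15 11:13:55 LOG7[2040:3588]: SSL state (connect): SSLv3 flush data
2005.03.15 11:14:26 LOG7[2040:3588]: SSL state (connect): SSLv3 read finished A
2005.03.15 11:14:26 LOG6[2040:3588]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.03.15 11:14:41 LOG7[2040:3588]: SSL alert (write): fatal: bad record mac
2005.03.15 11:14:41 LOG3[2040:3588]: SSL_read: 1408F455: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
2005.03.15 11:14:41 LOG5[2040:3588]: Connection reset: 17 bytes sent to SSL, 190 bytes sent to socket
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def unpack_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Summarise each connection thread: handshake end, cipher, alerts, first error."""
    threads = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # separator lines and anything that is not a stunnel log record
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        t = threads.setdefault(m.group(4), {"alerts": [], "error": None})
        msg = m.group(5)
        if msg.startswith("SSL state") and msg.endswith("read finished A"):
            t["handshake_done"] = ts  # client side: server Finished received
        elif msg.startswith("Negotiated ciphers:"):
            t["cipher"] = msg.split(":", 1)[1].split()[0]
        elif msg.startswith("SSL alert"):
            t["alerts"].append(msg.split(": ", 1)[1])
        elif t["error"] is None and (e := ERR.search(msg)):
            t["error"] = {"code": unpack_error(e.group(1)), "func": e.group(3),
                          "reason": e.group(4), "at": ts}
            if "handshake_done" in t:
                t["secs_after_handshake"] = (ts - t["handshake_done"]).total_seconds()
    return threads
```

Run over a full log, the result is keyed by the thread id in the `LOGn[pid:tid]` prefix, so concurrent connections are kept apart.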