[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: [openssl-users] How to debug SSLV3_ALERT_BAD_RECORD_MAC
From:       Viktor Dukhovni <openssl-users () dukhovni ! org>
Date:       2017-04-26 13:17:04
Message-ID: C8FACEE6-38F7-4BCB-97FE-C2275804E5DE () dukhovni ! org
[Download RAW message or body]


> On Apr 26, 2017, at 3:39 AM, Matt Caswell <matt@openssl.org> wrote:
> 
> I'd start by looking at the end-to-end pipe between the client SSL/TLS
> stack and the server stack and validating that the records look sane and
> unchanged at each step.

Well before that, I'd try to find out what's different about the 1.0.2k
handshake, by comparing the negotiated protocol, ciphersuite and extensions
with those negotiated with the previous version used.

It would be appropriate to post which version of OpenSSL was used previously.
It is also important to make sure that the headers and dev libraries are from
the same 1.0.2 release and that the run-time libraries are in fact also from
1.0.2 (same patch level or higher).

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[prev in list] [next in list] [prev in thread] [next in thread]