[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| iaik.security.ssl.SSLException: SSLv3 padding length error



Hello,

from the debug output we cannot see if the problem originates from the
server or client side. Since you wrote that you observe the problem
periodically, may you try if the problem disappears when using IAIK-JCE 3.01
and iSaSiLk 3.05.
Does the problem only occur when using a 3DES based cipher suite?

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Paul Lang
Gesendet: Mittwoch, 30. Oktober 2002 23:47
An: 'iaik-ssl@iaik.at'
Betreff: [iaik-ssl]cu|| iaik.security.ssl.SSLException: SSLv3 padding
length error


I am using IAIK-JCE 2.61 and iSaSiLk 3.03 to communicate ASN.1 formatted
messages
using SSL Version 3.0 with another company that is using a different SSL
toolkit (Certicom's SSL Plus 4.0).  The cipher suite we have in common is
SSL_RSA_WITH_3DES_EDE_CBC_SHA.

Intermittently I get an iaik.security.ssl.SSLException: SSLv3 padding length
error
in the debugging log (see below), but I cannot isolate the problem.  It also
indicates
"Sending alert: Alert Fatal: bad record mac"

The error occurs when I try to read the input stream with
ASN1Object obj = DerCoder.decode(sslClientSocket.getInputStream());

Has anyone else ran into this problem before or know what might be going on?

TIA,
Paul


=====This is the debugging output========================================

ssl_debug(2): Accepted connection from 136.151.91.11/136.151.91.11
ssl_debug(2): Starting handshake (iSaSiLk 3.03)...
ssl_debug(2): Received v3 client_hello handshake message.
ssl_debug(2): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(2): Creating new session 06:18:71:2E:A7:98:73:33...
ssl_debug(2): CipherSuites supported by the client:
ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): CompressionMethods supported by the client:
ssl_debug(2): NULL
ssl_debug(2): Sending server_hello handshake message.
ssl_debug(2): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): Selecting CompressionMethod: NULL
ssl_debug(2): Sending certificate handshake message with server
certificate...
ssl_debug(2): Sending certificate_request handshake message...
ssl_debug(2): Sending server_hello_done handshake message...
ssl_debug(2): Received certificate handshake message with client
certificate.
ssl_debug(2): Client sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(2): Received client_key_exchange handshake message.
ssl_debug(2): Received certificate_verify handshake message.
ssl_debug(2): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(2): Received change_cipher_spec message.
ssl_debug(2): Received finished message.
ssl_debug(2): Sending change_cipher_spec message...
ssl_debug(2): Sending finished message...
ssl_debug(2): Handshake completed, statistics:
ssl_debug(2): Read 1910 bytes in 6 records, wrote 2269 bytes in 3 records.
ssl_debug(2): Sending alert: Alert Fatal: bad record mac
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Read 661 bytes in 1 records, 0 bytes net, 0 average.
ssl_debug(2): Wrote 0 bytes in 0 records, 0 bytes net, 0 average.
ssl_debug(2): Exception reading SSL message: iaik.security.ssl.SSLException:
SSLv3 padding length error: 47
ssl_debug(2): Closing transport...

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl