case 1:
SSL3_GET_RECORD:decryption failed or bad record mac
I am using wpa_supplicant 0.4.8 on Windows XP. With exactly the same
configuration, on some computers the TTLS/MSCHAPV2
consistently fails with error "SSL3_GET_RECORD:decryption failed or bad
record mac". With other computers, I get success consistently.
I have searched over the internet. It seems the problem is with the OpenSSL
library. The OpenSSL version I am using is openssl-0.9.7d. I am
wondering if anyone knows about any fix or workaround for this problem.
Jan 12 12:45:41.921875: SSL: SSL_connect:error in SSLv3 read finished A
Jan 12 12:45:41.921875: OpenSSL: tls_connection_handshake - SSL_connect error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
case 2:
decryption failed or bad record mac
----
OpenSSL version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv
Everything works with a self-signed cert if the client that is going to connect is located ONLY on the same subnet.
If I try to connect a client to the server from outside the subnet, i.e. an internet client user, I get a "decryption failed or bad record mac" error.
Scenario:
client (public IP) tries to connect to server (non-routable IP on DMZ with public IP forwarded). Won't work.
client (non-routable IP on DMZ) tries to connect to server. Does work.
Is there a mechanism inside OpenSSL that doesn't allow cert pass through if the client isn't on the same subnet? Is this a bug?
----
Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.
-Kyle H
-----
FIXED
Was a problem with smart defense center altering the packet. Thanks for the quick reply.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Introduction
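
One way to confirm the kind of in-path alteration reported in case 2: compare the TLS byte stream captured on the sending side with the one captured on the receiving side, record by record. This is an added example, not code from the thread; it assumes the TCP payloads have already been reassembled from both captures, and all names and sample bytes below are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(stream):
    """Split a raw TLS byte stream into (type, version, fragment) tuples."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) < length:
            break  # capture ends mid-record: keep only complete records
        records.append((ctype, (major, minor), fragment))
        off += 5 + length
    return records

def first_altered_record(sent, received):
    """Return (record index, type name, fragment offset) of the first
    difference between the two streams, or None if they are identical."""
    a, b = parse_records(sent), parse_records(received)
    for i, (ra, rb) in enumerate(zip(a, b)):
        if ra == rb:
            continue
        name = CONTENT_TYPES.get(ra[0], "unknown(%d)" % ra[0])
        if ra[:2] != rb[:2] or len(ra[2]) != len(rb[2]):
            return (i, name, None)  # header (type, version, length) differs
        offset = next(k for k, (x, y) in enumerate(zip(ra[2], rb[2])) if x != y)
        return (i, name, offset)
    if len(a) != len(b):
        return (min(len(a), len(b)), "missing", None)  # record dropped or added
    return None

def record(ctype, fragment, version=(3, 1)):
    """Build one record; used only to construct the sample streams below."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(fragment)) + fragment

# Constructed sample: ClientHello-like record, ChangeCipherSpec, encrypted Finished.
SENT = record(22, b"\x01" + bytes(15)) + record(20, b"\x01") + record(22, bytes(range(40)))
# Same stream as seen on the far side, with one byte of the third record changed.
RECEIVED = bytearray(SENT)
RECEIVED[39] ^= 0xFF
RECEIVED = bytes(RECEIVED)

if __name__ == "__main__":
    print(first_altered_record(SENT, RECEIVED))
```

A difference inside a record that follows ChangeCipherSpec is what the receiving side reports as "decryption failed or bad record mac", since the bytes no longer match what the sender protected.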