case 1:
SSL3_GET_RECORD:decryption failed or bad record mac
I am using wpa_supplicant 0.4.8 on Windows XP. With the exactly the same
configuration, on some computers the TTLS/MSCHAPV2
consistently fails with error "SSL3_GET_RECORD:decryption failed or bad
record mac". With other computers, I get success consistently.
I have searched over the internet. It seems the problem is with OpenSSL
library. The OpenSSL version I am using is openssl-0.9.7d. I am
wondering if anyone knows about any fix or workaround for this problem.
Jan 12 12:45:41.921875: SSL: SSL_connect:error in SSLv3 read finished A
Jan 12 12:45:41.921875: OpenSSL: tls_connection_handshake - SSL_connect
error:14
08F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
case 2:
decryption failed or bad record mac
----
Openssl version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv
Everything works with self signed cert if client that is going to connect is located ONLY on the same subnet.
If I try to connect a client to the server from outside the subnet, ie. internet client user, I get a "decryption failed or bad record mac" error.
Scenario:
client (public ip) tries to connect to server (non-route able ip on DMZ with public IP forwarded). Won't work.
client (non-route able ip on DMZ) tries to connect to server. Does work.
Is there a mechanism inside OpenSSL that doesn't allow cert pass through if client isn't on the same subnet? Is this a bug?
----
Please test against 0.9.8h; 0.9.8a is nearly 3 years old at this point.
-Kyle H
-----
FIXED
Was a problem with smart defense center altering the packet. Thanks for the quick reply.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Introduction
分享到:
相关推荐
解决webMagic0.7.3 出现javax.net.ssl.SSLException: Received fatal alert: protocol_version的问题-附件资源
主要介绍了javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair 解决方法,有需要的朋友们可以学习下。
SSL handshake failed
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure的一个解决方案-附件资源
SSL certificate problem: unable to get local issuer certificate
qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed 网上很多说法是libeay32.dll和ssleay32.dll复制到可执行文件里,这个只是解决在Qt Creator下编译运行可以,单独打包不运行...
qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_set_ssl_ctx qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_set_flags qt.network.ssl: QSslSocket: cannot resolve SSL_CONF_CTX_finish qt....
示例用Delphi的Indy控件,试过用163或139邮箱发送,可以用普通端口25或SSL端口发送,可以发送附件。 内含2002年的ssleay32.dll和libeay32.dll,其它版本可能会报错“Could not load SSL library”。 smtp.163.com ...
验证SSL证书的类 此软件包提供的类使查询ssl证书上的属性变得异常容易。 我们有三种选择来获取证书。 这是一个例子: use Spatie \ SslCertificate \ SslCertificate ; // fetch the certificate using an url $ ...
python安装完毕后,提示找不到ssl模块: [www@pythontab.com ~]$ python Python 2.7.15 (default, Oct 23 2018, 18:08:43) [GCC 4.4.7 20120313 (Red Hat 4.4.7-23)] on linux2 Type help, copyright, credits or ...
解决QT5.12的qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed问题
HTTPS连接时,采用证书认证时的双向握手协议过程分析。
OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 54 这个错误是因为网络太慢,下载virtualbox.box失败,可以换个网络再试一下。 如果网络实在太慢的话,可以试试下面的方法,我们可以手动下载virtualb
NULL 博文链接:https://nassir.iteye.com/blog/1112713
SSLkeylog 一个Ruby库,它以记录来自客户端连接的SSL会话密钥。 分析网络流量时,诸如的工具可以使用此日志来解密数据。 注意:此版本的库是功能原型。 将来可能会更改实现。安装该gem使用C扩展名从Ruby OpenSSL::...
Rack :: SslEnforcer是用于实施SSL连接的简单Rack中间件。 从0.2.0版开始,Rack :: SslEnforcer默认将Cookies标记为安全(必须手动设置HSTS)。 已针对Ruby 1.8.7、1.9.2、1.9.3、2.0.0、2.1.10、2.2.7、2.3.4、...
webmagic 最新包 修复protocol_version,Received close_notify during handshake
Qt-SslServer:使用QTcpServer和QSslSocket的SSL支持的Tcp Server类。 需要Qt和-std = c ++ 11进行编译。 目标机器上还必须有OpenSSL实现