THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#245 - kamailio tls debug error
User who did this - Klaus Darilion (klaus3000)
----------
I found this thread about "bad record mac":
https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/-X…
"Well, textbook explanation of SSL is not short, but once the connection is
established, each party will have a set keys composed of a MAC key (message authentication
code) and an encryption key. Within the SSL record, the payload is encrypted, and the MAC
is basically a hash of the MAC Key + data + sequence + nonce + etc (I don’t remember the
exact list of parameters that are authenticated by the MAC off the top of my head).
Also, at the end of the handshake, there is a final exchange of the MAC of all of the
Records sent before the connection was “settled”.
If any of the items of the SSL Record change the client will be able to detect that
because the MAC will not match. First place I would look is at the firewall logs, or maybe
any app (such as HIDS/NIDS) that might be doing something to the packet."
So maybe there is really somebody modifying packets, or openSSL uses a wrong key for MAC
checks, or maybe has some other problem during MAC checking and produces this incorrect
error.
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=245#comment7…
You are receiving this message because you have requested it from the Flyspray bugtracking
system. If you did not expect this message or don't want to receive mails in future,
you can change your notification settings at the URL shown above.