[sr-dev] [tracker] Comment added: kamailio tls debug error

sip-router bugtracker at sip-router.org
Mon Jul 23 09:06:12 CEST 2012


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#245 - kamailio tls debug error
User who did this - Klaus Darilion (klaus3000)

----------
I found this thread about "bad record mac": https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/-XUziyGyIdo

  "Well, textbook explanation of SSL is not short, but once the connection is established, each party will have a set of keys composed of a MAC key (message authentication code) and an encryption key. Within the SSL record, the payload is encrypted, and the MAC is basically a hash of the MAC Key + data + sequence + nonce + etc (I don’t remember the exact list of parameters that are authenticated by the MAC off the top of my head).
Also, at the end of the handshake, there is a final exchange of the MAC of all of the Records sent before the connection was “settled”.
If any of the items of the SSL Record change the client will be able to detect that because the MAC will not match. First place I would look is at the firewall logs, or maybe any app (such as HIDS/NIDS) that might be doing something to the packet."

So maybe there is really somebody modifying packets, or OpenSSL uses a wrong key for MAC checks, or maybe has some other problem during MAC checking and produces this incorrect error.
----------

More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=245#comment721

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
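
Added example, not part of the tracker comment or of Kamailio/OpenSSL code: the record MAC check for TLS 1.0-1.2 MAC-then-encrypt suites as defined in RFC 5246 section 6.2.3.1, showing that a modified record, a wrong MAC key and a sequence number out of step all end in the same bad_record_mac alert. Assumptions: an HMAC-SHA1 suite, encryption left out because it does not change the check, and constructed key bytes and SIP payload.

```python
import hashlib
import hmac
import struct

BAD_RECORD_MAC = 20      # TLS alert description (RFC 5246 section 7.2)
APPLICATION_DATA = 23    # TLS record content type
TLS_1_0 = (3, 1)         # protocol version bytes carried in the record header

def record_mac(mac_key, seq, ctype, version, fragment, digest=hashlib.sha1):
    """HMAC over seq_num || type || version || length || fragment."""
    # The 64-bit sequence number is implicit: it is never sent on the wire,
    # each side counts records itself.
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, digest).digest()

def protect(mac_key, seq, fragment):
    """Sender side: append the MAC to the plaintext fragment."""
    return fragment + record_mac(mac_key, seq, APPLICATION_DATA, TLS_1_0, fragment)

def check(mac_key, seq, record, mac_len=20):
    """Receiver side: return the payload, or BAD_RECORD_MAC on any mismatch."""
    if len(record) < mac_len:
        return BAD_RECORD_MAC
    fragment, tag = record[:-mac_len], record[-mac_len:]
    expected = record_mac(mac_key, seq, APPLICATION_DATA, TLS_1_0, fragment)
    # Constant-time comparison, so the check does not leak how many bytes matched.
    return fragment if hmac.compare_digest(tag, expected) else BAD_RECORD_MAC

def demo():
    key = b"\x11" * 20                                  # constructed MAC key
    wire = protect(key, 0, b"REGISTER sip:example.test SIP/2.0\r\n")  # constructed payload
    flipped = bytes([wire[0] ^ 0x01]) + wire[1:]        # one bit changed in transit
    return {
        "intact": check(key, 0, wire),
        "modified in transit": check(key, 0, flipped),
        "wrong MAC key": check(b"\x22" * 20, 0, wire),
        "sequence out of step": check(key, 1, wire),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```

The receiver sees only the mismatch, so the alert alone cannot tell these causes apart; a packet capture taken on both sides of any middlebox is what separates in-path modification from an endpoint key or state problem.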


