I've been developing a web server (research) based on ssl version 3 doc (ssl-version3-02.txt), choosing cipher suite 0x000a (ssl-tripleDes-sha) and using firefox browser to test the program.
It works successfully from client hello until server finished (handshake protocol). All key materials (MAC secrets, cihper secrets and initial vectors) seem to be correctly produced. But, there is a problem when it tries to process the first application data sent by firefox (decrypting the data). The first block (8-bytes) of the result (plain text) is meaningless (the rest blocks are correct). I suspect that the initialization vectors used is this program is different than the one used by firefox(client). Is there anyone can share or explain why it can happen, because it uses the same key and IV when verifying the client finished message successfully. As an illustration, received application data: "?Z?ZZ&^%TP 1.1\n.............." which is supposed to be "GET / HTTP 1.1\n.............." Thanks _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
