-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Shailendra,
On 05/04/2010 02:48 AM, Shailendra Shukla wrote: > On May 4, 12:58 am, Ramon de Carvalho Valle > <rcva...@linux.vnet.ibm.com> wrote: > Hi, > > I'm having problems with my PKCS #11 implementation and mod_nss. The > requests using SSLv3 protocol fails with bad_record_mac (20). I think > the problem is in client_key_exchange (16), and I would like to know if > both TLSv1 and SSLv3 protocols use the PKCS #1 Encryption-block > formatting according to RFC 2313: > > EB = 00 || BT || PS || 00 || D . > > SSLTAP shows the ClientKeyExchange message length in client_key_exchange > (16) is 130 (0x82) for TLSv1 and 128 (0x80) for SSLv3. > > Best regards, > > Hi Ramon > RFC 2313 talks about PKCS #7 for Signature algorithms.For more detail > you can explore url "http://www.faqs.org/rfcs/rfc2313.html";. > You can go through RFC 4346 "http://tools.ietf.org/html/rfc4346"; and > " ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf " > for implementation. Thanks. I'll take a look at these references. > It has been found that their is problem with SSLv3 Dynamic session > renegotiation and Handshake (Protocol or Type ) Client Key Exchange > (16).I don't think that PKCS #1 fully support TLSv1 and SSLv3 (PKCS#1 > needs padding). Do you know where I can find more information about it? Best regards, - -- Ramon de Carvalho Valle Software Engineer IBM Linux Technology Center E-Mail: rcva...@linux.vnet.ibm.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvgFfYACgkQGIS0iEuhp4OiSgCfcXveqTZqbctmauZHGjRuabaZ FL0AoJGxgvkSKzjhVYwSyIM6TMdYC6ydiEYEARECAAYFAkvgFfYACgkQkcIYeh81 wLmiSgCdG4e5+m9eGCwcifB/rJ3L5CslrIYAmQEsOSueYcpLLgMd4ZO5yTyzj6Gk =cy/V -----END PGP SIGNATURE----- -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
