Hello,

There seems to be a possible problem with the SSL implementation used in Google 
Drive on MacOS 10.8.2.  It seems that this SSL implementation is NSS - please 
let me know if you know that Google Drive uses a different SSL implementation 
and I should direct this question elsewhere.

Packet captures of SSL flows between the Google Drive client application and 
the Google servers it talks to show the following possible problem. During the 
application data phase of the TLS connection, the Google Drive client sends two 
consecutive TCP packets with different TCP sequence numbers, both containing 
the same encrypted SSL record.  The cipher suite used is 
TLS_RSA_WITH_AES_128_CBC_SHA.

A normal SSL server talking to Google Drive will likely fail to decrypt the 
duplicated SSL record and verify its MAC, because AES decryption is used in CBC 
mode, and the duplicated SSL record should have a different SSL sequence 
number.  However, it looks like the flow proceeds just fine.

Can anybody here comment on this behavior?  Is there a better place to ask this 
question?

Best Regards,
Peter Djalaleiv
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
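
The sequence-number argument in the message above, as an added example (not part of the original post, and not NSS or Google Drive code): for CBC suites such as TLS_RSA_WITH_AES_128_CBC_SHA the record MAC is HMAC-SHA1 over seq_num || type || version || length || fragment, so a receiver that is handed the same protected record twice checks the second copy against a different sequence number. The MAC key, the payloads, the TLS 1.0 version bytes and the omission of the AES-CBC layer are assumptions made to keep the example self-contained.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS ContentType application_data
TLS_1_0 = (3, 1)        # assumed protocol version for this sample
MAC_LEN = 20            # HMAC-SHA1 output size


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """Record MAC used by TLS 1.0-1.2 CBC suites: the 64-bit implicit
    sequence number is hashed in but never sent on the wire."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


class Sender:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, fragment):
        mac = record_mac(self.mac_key, self.seq, APPLICATION_DATA, TLS_1_0, fragment)
        self.seq += 1
        return fragment + mac       # encryption layer omitted (assumption)


class Receiver:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def accept(self, record):
        fragment, mac = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq, APPLICATION_DATA, TLS_1_0, fragment)
        if not hmac.compare_digest(mac, expected):
            return False            # a real stack sends fatal bad_record_mac here
        self.seq += 1               # only a verified record advances the counter
        return True


def replay_demo():
    key = b"\x0b" * 20              # constructed MAC key
    tx, rx = Sender(key), Receiver(key)
    record = tx.protect(b"constructed application data")
    first = rx.accept(record)       # verified with seq 0
    duplicate = rx.accept(record)   # same bytes, now checked with seq 1
    following = rx.accept(tx.protect(b"next record"))
    return first, duplicate, following
```

The receiver object is kept alive after the failed check only to show that the next genuine record still verifies; a TLS endpoint would close the connection on the failed MAC.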
