Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On Fri, 07 May 2010 16:08:04 -0700 Nelson B Bolyard wrote: > > We're trying to identify why our implementation works OK with TLSv1 > > while it fails with SSLv3. It all looks the same from a PKCS#11 > > point-of-view > > None of the issues above differ between SSL3 and TLS. They differ > b

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On 2010/05/07 12:16 PDT, Klaus Heinrich Kiwi wrote: > On Tue, 04 May 2010 09:28:58 -0700 > Nelson B Bolyard wrote: >> It's all handled by the SSL library. > > Nelson, > > but when implementing a PKCS#11 token, we should be performing the > PKCS#11 v1.5 padding for the CKM_RSA_PKCS method, rig

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On Tue, 04 May 2010 09:28:58 -0700 Nelson B Bolyard wrote: > On 2010-05-04 05:41 PST, Ramon de Carvalho Valle wrote: > > >>> SSLTAP shows the ClientKeyExchange message length in > >>> client_key_exchange (16) is 130 (0x82) for TLSv1 and 128 (0x80) > >>> for SSLv3. > >> Yes, that is a difference

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On 2010-05-04 05:41 PST, Ramon de Carvalho Valle wrote: >>> SSLTAP shows the ClientKeyExchange message length in client_key_exchange >>> (16) is 130 (0x82) for TLSv1 and 128 (0x80) for SSLv3. >> Yes, that is a difference between the two protocol versions. >> >> TLS encodes the encrypted pre-master

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Shailendra, On 05/04/2010 02:48 AM, Shailendra Shukla wrote: > On May 4, 12:58 am, Ramon de Carvalho Valle > wrote: > Hi, > > I'm having problems with my PKCS #11 implementation and mod_nss. The > requests using SSLv3 protocol fails with bad_reco

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Nelson, On 05/04/2010 03:11 AM, Nelson B Bolyard wrote: > On 2010-05-03 12:58 PST, Ramon de Carvalho Valle wrote: >> I'm having problems with my PKCS #11 implementation and mod_nss. The >> requests using SSLv3 protocol fails with bad_record_mac (20

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On 2010-05-03 12:58 PST, Ramon de Carvalho Valle wrote: > I'm having problems with my PKCS #11 implementation and mod_nss. The > requests using SSLv3 protocol fails with bad_record_mac (20). I think > the problem is in client_key_exchange (16), and OK, that's a possibility, one of many. > I woul

Re: TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

On May 4, 12:58 am, Ramon de Carvalho Valle wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > I'm having problems with my PKCS #11 implementation and mod_nss. The > requests using SSLv3 protocol fails with bad_record_mac (20). I think > the problem is in client_key_exchange (16)

TLSv1 and SSLv3 client_key_exchange Encryption-block formatting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm having problems with my PKCS #11 implementation and mod_nss. The requests using SSLv3 protocol fails with bad_record_mac (20). I think the problem is in client_key_exchange (16), and I would like to know if both TLSv1 and SSLv3 protocols use t