about "bad record mac" when doing authentication using EAP-TTLS, thanks - Openssl


  1. about "bad record mac" when doing authentication using EAP-TTLS, thanks

    Hello,
    I'm doing a project using EAP-TTLS for authenticating users.
    It runs OK when there is just a single access, but when I have
    many accesses in a row it generates the log
    "SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac"


    The context is:
    the server has sent its cert, and then received the EAP-Response, which is composed
    of "client key exchange", "change cipher spec" and "Encrypted Handshake
    Message",
    but an error occurs at that moment.
    --log begin---
    EAP-TTLS: Received packet(len=204) - Flags 0x00
    SSL: (where=0x2001 ret=0x1)
    SSL: SSL_accept:SSLv3 read client key exchange A
    SSL: (where=0x4008 ret=0x214)
    SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac
    SSL: (where=0x2002 ret=0xffffffff)
    SSL: SSL_accept:error in SSLv3 read certificate verify A
    SSL: 7 bytes pending from ssl_out
    SSL: 7 bytes left to be sent out (of total 7 bytes)
    --log end---
    The EAP message content is
    15 00 15 03 01 00 02 02 14

    Who can give me some suggestions about which situations can induce this result?
    I think this packet is correct, and Ethereal can resolve it well.

    Thanks a lot
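
As an added example (not part of the original post), this decodes the nine bytes quoted above, assuming they begin at the EAP Type field with the EAP Code, Identifier and Length already stripped. They are an EAP-TTLS packet carrying a 7-byte plaintext TLS 1.0 alert record, fatal `bad_record_mac`, which is the same size as the 7 bytes the log reports pending in `ssl_out`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed from the hex dump in the post; assumed to start at the EAP Type field. */
const uint8_t sample_msg[] = {0x15, 0x00, 0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x14};

struct ttls_alert {
    uint8_t  eap_type;             /* 21 = EAP-TTLS */
    uint8_t  flags;                /* 0x80 L, 0x40 M, 0x20 S, low 3 bits version */
    uint8_t  content_type;         /* TLS record type, 21 = alert */
    uint8_t  ver_major, ver_minor; /* 3.1 = TLS 1.0 */
    uint16_t rec_len;              /* record payload length */
    uint8_t  level;                /* 1 = warning, 2 = fatal */
    uint8_t  description;          /* 20 = bad_record_mac */
};

/* Returns 0 if buf is an EAP-TTLS packet holding one plaintext TLS alert record. */
int parse_ttls_alert(const uint8_t *buf, size_t len, struct ttls_alert *out)
{
    size_t off = 2;                          /* past Type and Flags */
    if (len < 2) return -1;                  /* truncated */
    out->eap_type = buf[0];
    out->flags = buf[1];
    if (out->eap_type != 21) return -2;      /* not EAP-TTLS */
    if (out->flags & 0x80) off += 4;         /* L bit: skip 4-byte TLS message length */
    if (len < off + 5) return -1;            /* no room for a record header */
    out->content_type = buf[off];
    out->ver_major = buf[off + 1];
    out->ver_minor = buf[off + 2];
    out->rec_len = (uint16_t)((buf[off + 3] << 8) | buf[off + 4]);
    if (out->content_type != 21) return -3;  /* not an alert record */
    if (out->rec_len != 2) return -4;        /* an encrypted alert would be longer */
    if (len < off + 7) return -1;            /* alert body missing */
    out->level = buf[off + 5];
    out->description = buf[off + 6];
    return 0;
}

/* Names for a few alert descriptions from the TLS specification. */
const char *alert_name(uint8_t d)
{
    switch (d) {
    case 0:  return "close_notify";
    case 10: return "unexpected_message";
    case 20: return "bad_record_mac";
    case 21: return "decryption_failed";
    case 40: return "handshake_failure";
    case 51: return "decrypt_error";
    default: return "other";
    }
}
```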


  2. Re: about "bad record mac" when doing authentication using EAP-TTLS, thanks

    Jinhua Zhu wrote:
    > Hello,
    > I'm doing a project using EAP-TTLS for authenticating users.
    > It runs OK when there is just a single access, but when I have
    > many accesses in a row it generates the log
    > "SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac"
    >
    >
    > The context is:
    > the server has sent its cert, and then received the EAP-Response, which is composed
    > of "client key exchange", "change cipher spec" and "Encrypted Handshake
    > Message",
    > but an error occurs at that moment.
    > --log begin---
    > EAP-TTLS: Received packet(len=204) - Flags 0x00
    > SSL: (where=0x2001 ret=0x1)
    > SSL: SSL_accept:SSLv3 read client key exchange A
    > SSL: (where=0x4008 ret=0x214)
    > SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad record mac
    > SSL: (where=0x2002 ret=0xffffffff)
    > SSL: SSL_accept:error in SSLv3 read certificate verify A
    > SSL: 7 bytes pending from ssl_out
    > SSL: 7 bytes left to be sent out (of total 7 bytes)
    > --log end---
    > The EAP message content is
    > 15 00 15 03 01 00 02 02 14
    >
    > Who can give me some suggestions about which situations can induce this result?
    > I think this packet is correct, and Ethereal can resolve it well.
    >
    > Thanks a lot
    >
    >

    I had this problem and the only solution was to use TLSv1. Don't know
    if that helps.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. Re: about "bad record mac" when doing authentication using EAP-TTLS, thanks

    Thanks,

    I think that it may be caused by a thread conflict, and I detected that I had not
    implemented the locking callback.

    Since I implemented the following two callback functions
    CRYPTO_set_id_callback(id_function);
    CRYPTO_set_locking_callback(locking_function);
    with reference to threads.doc, it appears not to occur now, and other errors like the
    *_cmp exception are also eliminated.

    Thanks all




    On 7/3/08, doki_pen wrote:
    > I had this problem and the only solution was to use TLSv1. Don't know if
    > that helps.
    --
    Jinhua. Zhu
    Nanjing, China
    jinhua1982@gmail.com

