We have a client/server running TLS v1.0 and keep getting the Encryption Alert 21 from the client after the initial handshake. They are using cipher block chaining and I've read where the block cipher input length being different than something other than a multiple of the block length would cause the Decryption Failed alert but how\where would I find these values to determine if that's the real cause for the alert?
I've attached the handshake sequence below...Thanks...Appreciate it
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello ##
Content Type: Handshake (22)###
Version: TLS 1.0 (0x0301)
Length: 254
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 250
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Jun 25, 1983 13:56:23.000000000 Eastern Daylight Time
Random Bytes: 2761896c45978dc3868cd4858d7a3d5749f7218e40f5fd3f...
Session ID Length: 0
Cipher Suites Length: 100
Cipher Suites (50 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 109
Extension: ec_point_formats
Extension: elliptic_curves
Extension: SessionTicket TLS
Extension: signature_algorithms
Extension: Heartbeat
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1449
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 32
Session ID: 569d341d4d75bc12b41fa995f22fea93a51d14fa1d612e69...
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Compression Method: null (0)
Extensions Length: 5
Extension: renegotiation_info
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 816
Certificates Length: 813
Certificates (813 bytes)
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 540
Diffie-Hellman Server Params
p Length: 128
p: fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400...
g Length: 20
g: 9760508f15230bccb292b982a2eb840bf0581cf5
Pubkey Length: 128
Pubkey: 73f35da13f584ccb05901f5242f71da41b5f35cc185409a9...
Signature Length: 256
Signature: 3b8a31d223c149fb0af62f653be5d61af1297c11c4d6e925...
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 134
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
Diffie-Hellman Client Params
Pubkey Length: 128
Pubkey: 76ef1851a1202c19b55aebc2cf830cbb023f15f75d7c963a...
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 48
Handshake Protocol: Encrypted Handshake Message
Secure Sockets Layer
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 48
Handshake Protocol: Encrypted Handshake Message
Secure Sockets Layer
client->server
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 50c0d7383385d5ea8aa08c9a489904b20fb508a1b53ec017...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 18ad9fa298268b2da260c4873075d8116554d3067659a0f6...
Secure Sockets Layer
server->client
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 352
Encrypted Application Data: a425edb24ceb1fab0516b7cf64e18d571db0f222e606d1a7...
Secure Sockets Layer
client->server
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 4952a32d5ca081870f74397b4b45d8af9017938b92db648a...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 3a97d944ddabc997a965cc75ed946aa0dd4b13e525f44aff...
Secure Sockets Layer
server->client
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 47f3838b409d33cfd039f51e432e7675095f6f724ba7c728...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 352
Encrypted Application Data: 8bd4f772427b1bf25901b3cc59cff003d83b02bd11421e62...
Secure Sockets Layer
client->server
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 1a0750299f160c207a88d6d6b2bc794373b7d45ae845129f...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 094956aa5f580d500d9402bc84696748f6c008d8f75bcafc...
Secure Sockets Layer
client->server
TLSv1 Record Layer: Encrypted Alert
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 32
Alert Message: Encrypted Alert
TLS v1.0
is basically broken right? Is there a reason your client thinks its 1983?GMT Unix Time: Jun 25, 1983 13:56:23.000000000 Eastern Daylight Time
hence my question why the client thinks its Junt 25 1983 @ 1:53PM GMT the same of this post. The time is correct ( or close enough ) but the date is not correct. Its currently 14:39PM GMT, hence, how I know its close enough.