Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

A strange behavior of SSL in using the symmetric encryption key?

Tags:

ssl

encryption

I've used wireshark to watch several SSL3.0 traffic and decrypt the messages transferred between client & server.

And what I've just found is very strange :

AFAIK, the encryption-key, MAC and encryption algorithm used in calculating client-Finished and application-data sent by client are exactly the same.

But, when I use the same client-write-key used to encrypt client-finished (Derived from MasterSecret) to encrypt application data, I get the different result from what the client (firefox) calculated.

The odd behavior also happened with server: I can use server-write-key (derive from MasterSecret) to decrypt successfully the "server-finished" message, but failed to decrypt any other encrypted message from server.

So, can you please tell me what happened to the client-write-key & server-write-key ? Did both client and server changed their write-key after "finished" message sent?

PS: I forced client (Firefox) to use SSL V3.0, cipherSuite = TLS_RSA_WITH_RC4_128_MD5

like image 727
vantrung -cuncon Avatar asked Dec 07 '13 09:12

vantrung -cuncon

People also ask

What are the problems with symmetric key encryption?

One big issue with using symmetric algorithms is the key exchange problem, which can present a classic catch-22. The other main issue is the problem of trust between two parties that share a secret symmetric key. Problems of trust may be encountered when encryption is used for authentication and integrity checking.

Why does SSL use symmetric encryption?

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

Which of the following is used in symmetric encryption public key and user key SSL private key only TLS?

Symmetric encryption uses a shared private key while asymmetric encryption uses a public/private key pair.

Which is the largest disadvantage of the symmetric encryption?

Which is the largest disadvantage of symmetric Encryption? Explanation: As there is only one key in the symmetrical encryption, this must be known by both sender and recipient and this key is sufficient to decrypt the secret message.

1 Answers

I found out the answer myself : the function RC4 I've used didn't save the cipher state, while SSL stream cipher required that. I've used a RC4 class and problem resolved!

like image 143
vantrung -cuncon Avatar answered Oct 08 '22 02:10

vantrung -cuncon
Sign in to Comment

Related questions

Mutual Authentication (2-way SSL) in AWS Lambda
OpenSSL connection: alert internal error
"bq" command line tool throws CERTIFICATE_VERIFY_FAILED
SSL with Rails 3.1: config.force_ssl = true not working in development mode
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate while I am working with google place api in android [duplicate]
cURL SSL Certificate error "Bad Certificate"
Tablet can't download .apk file in some browsers
PHP: PDO(MySQL) SSL Connection
Botan SSL/TLS example or starting point
Why does Volley fall back to SSLV3?
How to get TLS/SSL related information in ASP.NET Core?
NGINX TLS termination for PostgreSQL
Certificate Pinning - Generate SHA256 Pinning Key from Certificate .crt file
How correctly install ssl certificate using certbot in docker?
How to establish TLS session in python using PKCS11
How to activate SSL(HTTPS) in Glassfish 3.0 embedded API?
Switching Between HTTP and HTTPS in ASP.NET MVC 1.0
Flash SecureSocket and RSA private key
is starttls.enabled = true is safe for mail sending from java code?
Enabled ciphers on Ubuntu OpenJDK 7

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!