SSL version 3 application data.


SSL version 3 application data.

Matt Rodriguez
I'm using the s_client and s_server tools to create an SSL connection and
send data over it.
I'm observing the traffic using ssldump with the -Adx flags.

The first time I type text into s_client program I see 2 application
data records.
I'm not sure what the purpose of the first application data record is,
or what is in it.
Could somebody explain this to me?

1 12 2.0899 (0.0000)  C>SV3.0(32)  application_data
Packet data[37]=
  17 03 00 00 20 06 f5 7d d7 e1 3e 91 ec 60 88 2f
  3c 02 11 5f f4 f6 0f 07 a9 a4 8a 22 04 55 2f 02
  cf 9e 17 62 1b


1 13 13.2663 (11.1764)  C>SV3.0(32)  application_data
Packet data[37]=
  17 03 00 00 20 87 e2 47 47 41 4d 28 09 4a cc 7f
  fa b8 08 cd be c4 ca ae 6c be 51 2f 09 bb 80 7b
  e5 2f e8 27 64

I've been looking at the specifications and figuring out what the data
in the application data record means. If anybody can explain this to me
in greater detail, that would be great.

17 (application data) 23
03 (major version 3)
00 (minor version 0)
00 (?? cipher specification?)
20 (length) 32

Thanks,
Matt Rodriguez
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: SSL version 3 application data.

Jostein Tveit
Matt Rodriguez <[hidden email]> writes:

> I've been looking at the specifications and figuring out what the
> data in the application data record means. If anybody can explain
> this to me in greater detail, that would be great.

The application data is encrypted. Everything after the 5th byte
is ciphertext.

17 (application data)
03 (major version)
00 (minor version)
00 20 (length 16bits)
... (32 bytes of encrypted data)

--
Jostein Tveit <[hidden email]>

Re: SSL version 3 application data.

Victor Duchovni
On Wed, Aug 24, 2005 at 12:38:59AM +0200, Jostein Tveit wrote:

> The application data is encrypted. Everything after the 5th byte
> is ciphertext.
>
> 17 (application data)
> 03 (major version)
> 00 (minor version)
> 00 20 (length 16bits)
> ... (32 bytes of encrypted data)
>

With a 16 byte (128 bit) block cipher/MAC, the first 16 bytes are CBC
data, and the last 16 are the MAC. So the message length is somewhere
between 1 and 15 bytes (removing the CBC padding is not practical without
the encryption key).

--
        Viktor.
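
Added example, not part of the original thread: a small Python parser that applies the 5-byte record header layout given in the replies (type, major, minor, 16-bit length) to the two hex dumps posted in the question. The function names `from_hexdump` and `parse_records` are hypothetical, and `block_size=16` is the 16-byte block cipher assumption from the last reply, since the header itself does not identify the cipher.

```python
import struct

# Record-layer content types (first byte of every SSL/TLS record).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# The two "Packet data[37]=" dumps posted in the thread.
DUMP_1 = """17 03 00 00 20 06 f5 7d d7 e1 3e 91 ec 60 88 2f
            3c 02 11 5f f4 f6 0f 07 a9 a4 8a 22 04 55 2f 02
            cf 9e 17 62 1b"""
DUMP_2 = """17 03 00 00 20 87 e2 47 47 41 4d 28 09 4a cc 7f
            fa b8 08 cd be c4 ca ae 6c be 51 2f 09 bb 80 7b
            e5 2f e8 27 64"""

def from_hexdump(text):
    """Turn ssldump-style hex bytes into a bytes object."""
    return bytes.fromhex("".join(text.split()))

def parse_records(buf, block_size=16):
    """Split buf into records. block_size is an assumption about the cipher,
    because the record header does not name the cipher suite."""
    records, off = [], 0
    while off < len(buf):
        if len(buf) - off < 5:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError("unknown content type 0x%02x" % ctype)
        body = buf[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("body shorter than declared length %d" % length)
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": (major, minor),
            "length": length,
            "ciphertext": body,  # opaque without the session keys
            "block_aligned": length % block_size == 0,
            "blocks": length // block_size,
        })
        off += 5 + length
    return records

if __name__ == "__main__":
    for rec in parse_records(from_hexdump(DUMP_1) + from_hexdump(DUMP_2)):
        print(rec["type"], "SSL %d.%d" % rec["version"], rec["length"],
              "bytes,", rec["blocks"], "blocks, aligned:", rec["block_aligned"])
```
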