Closed tangxiao187 closed 5 years ago
Oh, it seems like we introduced a bug here when we added chachapoly. The aad length in TLS 1.3 was computed wrongly. I just pushed a preversion of TLS-Attacker 2.8 to the master branch. With that version it should work again. Let me know if you encounter other problems. I'm happy to help.
Cheers,
Robert
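The following is an added example, not part of the reply above and not TLS-Attacker code: it shows why a wrong AAD length ends in bad_record_mac, using the RFC 8446 section 5.2 rule that the additional data is the 5-byte record header whose length field counts the ciphertext including the AEAD tag. Assumptions: AES-128-GCM from the Go standard library stands in for the cipher suite (the AAD is built the same way for every TLS 1.3 AEAD), the key, nonce and Finished body are constructed all-zero values, and the "length without the tag" mistake is a hypothetical one, since the thread does not say how the length was miscomputed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// aad builds the TLS 1.3 additional data (RFC 8446, section 5.2): the record
// header opaque_type(23) || legacy_record_version(0x0303) || length, where
// length is the size of the encrypted record, including the AEAD tag.
func aad(encLen int) []byte {
	h := []byte{0x17, 0x03, 0x03, 0, 0}
	binary.BigEndian.PutUint16(h[3:], uint16(encLen))
	return h
}

// protect seals TLSInnerPlaintext (content || content type, no padding).
// aadLen is the length the sender authenticates; the header written to the
// wire always carries the true ciphertext length.
func protect(a cipher.AEAD, nonce, content []byte, ctype byte, aadLen int) []byte {
	inner := append(append([]byte{}, content...), ctype)
	ct := a.Seal(nil, nonce, inner, aad(aadLen))
	return append(aad(len(ct)), ct...)
}

// unprotect is the receiver: it authenticates the 5 header bytes it received.
// A failure here is what a TLS peer answers with a bad_record_mac alert.
func unprotect(a cipher.AEAD, nonce, record []byte) ([]byte, error) {
	return a.Open(nil, nonce, record[5:], record[:5])
}

// demo returns whether the correct and the miscomputed record authenticate.
func demo() (okCorrect, okWrong bool) {
	key := make([]byte, 16)   // constructed all-zero key, not a real traffic key
	nonce := make([]byte, 12) // constructed nonce (sequence number 0 XOR zero IV)
	block, _ := aes.NewCipher(key) // a 16-byte key is always accepted
	a, _ := cipher.NewGCM(block)
	finished := append([]byte{0x14, 0, 0, 32}, make([]byte, 32)...) // dummy Finished
	encLen := len(finished) + 1 + a.Overhead()
	_, err1 := unprotect(a, nonce, protect(a, nonce, finished, 0x16, encLen))
	// Hypothetical mistake: the AAD length leaves out the 16-byte tag.
	_, err2 := unprotect(a, nonce, protect(a, nonce, finished, 0x16, encLen-a.Overhead()))
	return err1 == nil, err2 == nil
}

func main() {
	fmt.Println(demo()) // true false
}
```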
The problem has been solved in TLS-Attacker 2.8. Thank you, Robert.
Hello, I'm a newcomer to TLS-Attacker. I'm trying to use the TLS-Attacker 2.7 client to connect to an Openssl_1.1.1 TLS1_3 server, but I get a bad_record_mac alert from the server when the client sends the Finished message.
The server is run with the command:
java -jar apps/TLS-Client.jar -config ./resources/configs/tls13.config -connect 127.0.0.1:4433
The client is run with the command:
./openssl s_server -cert rsacert.pem -key rsakey.pem -port 4433 -tls1_3
The information displayed on the client side is:
15:22:47 [main] INFO : DefaultWorkflowExecutor - Connecting to 127.0.0.1:4433
15:22:47 [main] INFO : SendAction - Sending messages (client): CLIENT_HELLO,
15:22:48 [main] INFO : ReceiveAction - Received Messages (client): SERVER_HELLO, CHANGE_CIPHER_SPEC, ENCRYPTED_EXTENSIONS, CERTIFICATE, CERTIFICATE_VERIFY, FINISHED,
15:22:48 [main] INFO : SendAction - Sending messages (client): FINISHED,
The error information on the server side is:
ERROR
140591839147840:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:677:
shutting down SSL
CONNECTION CLOSED
It seems that the server failed to decrypt the Finished message sent by the client. What do I need to do to fix this problem? Thank you!