Topic: "Bad record mac" during handshake

Hi,

We are currently evaluating WolfSSL for a commercial embedded product as a potential SSL implementation.
The following problem is encountered during a client <-> server handshake:


2017.03.23 19:35:12 LOG3[0]: SSL_accept: 1408F119: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Client receives alert 20 which is "bad record mac". Connection does not succeed.

We are using certificates and keys provided in WolfSSL example code.
The TCP/IP stack is LWIP.
The user settings are set as follows:

#define DEBUG_WOLFSSL
#define NO_WOLFSSL_SERVER
#define NO_MAIN_DRIVER
#define BENCH_EMBEDDED
#define NO_FILESYSTEM
#define NO_STDIO_FILESYSTEM
#define NO_WRITEV
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM
#define USE_CERT_BUFFERS_2048
#define WOLFSSL_USER_CURRTIME
#define SIZEOF_LONG_LONG 8
#define HAVE_STUNNEL
#define SEMEL_SETTINGS
#define USER_TIME

For further information see the attached logs.

Regards Jarkko Reijonaho

Post's attachments

logs.txt 9.81 kb, 3 downloads since 2017-03-23 

Re: "Bad record mac" during handshake

Hi Jarkko,

Most of your settings are familiar to us but one is not. Could you tell us what "SEMEL_SETTINGS" is doing? That is not a define we provide and we would need to know what else it might be enabling/disabling.

Could you also provide us with some more details on your project? Given the commercial nature of the evaluation, we will want to have a better understanding of your end goals and design to better support your efforts.

If you send an email to "support@wolfssl.com" we can better service you from a commercial standpoint as well. This will allow you to communicate to us details you may wish to remain out of scope of the public forums.

Prior to attempting a client/server handshake we always encourage users to verify the underlying crypto is working properly. There is a test application located here: <wolfssl-root>/wolfcrypt/test/test.c. Could you try building and running that application to make sure all tests pass? Our suspicion is that there may be an issue with the crypto libraries in your environment that will need to be addressed prior to performing a successful SSL/TLS connection.


Best Regards,

Kaleb

Re: "Bad record mac" during handshake

Thank you Kaleb. I'll do further communication via the e-mail address that you provided.
I'll first try the wolfcrypt test application in our product and send the results and other information.

BR Jarkko

Re: "Bad record mac" during handshake

Hi Jarkko,

Great, let me know how the wolfcrypt test goes when you get a chance to run it. I look forward to hearing more about your project via email.


Warm Regards,

Kaleb