Question about an openssl SSL_accept() error.
I have a question about an error I ran into while doing openssl programming.
If anyone knows, I would appreciate an answer.
What I am trying to do is a TLS handshake with PSK.
Environment: Linux (gcc 4.8.5)
openssl 1.1.1d
case1)
server: openssl s_server -nocert -psk 12345678abcd -accept 34567 -state -debug -tls1_2
client: openssl s_client -connect 10.10.1.46:34567 -psk 12345678abcd -debug -state -tls1_2
==> Confirmed working normally
client hello ->
<- server hello, key exchange, hello done
client key exchange ->
change cipher spec, encrypted handshake message ->
<- New Session ticket, change cipher spec, encrypted msg
case2)
server: my own implementation (binary)
client: openssl s_client -connect 10.10.1.46:34567 -psk 12345678abcd -debug -state -tls1_3
==> Confirmed working normally
client hello ->
<- hello retry request, change cipher spec
change cipher spec, client hello ->
<- server hello, app data, app data
case3)
server: my own implementation (binary)
client: openssl s_client -connect 10.10.1.46:34567 -psk 12345678abcd -debug -state -tls1_2
==>
client hello ->
<- server hello, key exchange, hello done
client key exchange ->
change cipher spec, encrypted handshake message ->
<- Alert(Fatal, Description: Bad Record MAC)
(TLS_Accept:: SSL_accept() fail. SSL_ERROR(1) ERR_STR(46966010660928:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:677:)
Here is the server code.
Thank you.

/* Library initialisation and context setup */
const SSL_METHOD *meth = TLS_method();
SSL_library_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
ctx = SSL_CTX_new(meth);
/* Disable everything below TLS 1.2 */
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
                         SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
                         SSL_OP_NO_COMPRESSION |
                         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
/* PSK callback used for TLS 1.2 and below */
SSL_CTX_set_psk_server_callback(ctx, tls_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, my_psk_id);
/* PSK callback used for TLS 1.3 */
SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb);
SSL_CTX_set_session_id_context(ctx, ... );
tcp_listen();
accept();
ssl = SSL_new(ctx);
SSL_set_fd(ssl, nfd);
TLS_Accept(ssl);
...
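Added example, not the poster's code: the post does not show tls_psk_server_cb, and one cause consistent with case 3 is a callback that returns the -psk string as ASCII. s_client reads -psk as hexadecimal, and a key mismatch in TLS 1.2 first surfaces as a bad record MAC on the client's encrypted Finished message. The callback below uses the signature SSL_CTX_set_psk_server_callback() expects and decodes the hex key; psk_hex, psk_id, hexval and hex_to_bytes are assumed names, and Client_identity is s_client's default identity.

```c
#include <stddef.h>
#include <string.h>

/* Same typedef as <openssl/ssl.h>; declared here so the block builds without
 * OpenSSL installed. In the real server, include <openssl/ssl.h> instead. */
typedef struct ssl_st SSL;

/* Assumed values: the key string from the s_client commands above and
 * s_client's default PSK identity. */
static const char *psk_hex = "12345678abcd";
static const char *psk_id  = "Client_identity";

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string into out. Returns the byte count, or 0 on empty or
 * odd-length input, a non-hex character, or insufficient room. */
static unsigned int hex_to_bytes(const char *hex, unsigned char *out,
                                 unsigned int max)
{
    size_t n = strlen(hex);
    if (n == 0 || n % 2 != 0 || n / 2 > max) return 0;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (unsigned int)(n / 2);
}

/* Returning 0 fails the handshake; otherwise return the PSK length in bytes. */
unsigned int tls_psk_server_cb(SSL *ssl, const char *identity,
                               unsigned char *psk, unsigned int max_psk_len)
{
    (void)ssl;
    if (identity == NULL || strcmp(identity, psk_id) != 0)
        return 0;                       /* unknown identity */
    /* Wrong: memcpy(psk, psk_hex, strlen(psk_hex)) yields 12 ASCII bytes,
     * while the client derives its keys from the 6 decoded bytes. */
    return hex_to_bytes(psk_hex, psk, max_psk_len);
}
```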