BouncyCastle cannot handle multiple handshake messages in a frame

kiranmayi boyapati
I am trying to test the Bouncy Castle TlsServer with an OpenSSL client.

I always get a bad MAC error.

But the connections are successfully established with the TLS test clients in the Bouncy Castle test packages.

When I compare the handshake messages, the only difference I found is that the BC test clients send the Client Key Exchange, Change Cipher Spec and Encrypted Handshake messages in different frames.

Whereas OpenSSL combines all 3 messages in one frame.

Does Bouncy Castle support multiple TLS handshake messages in a single frame?

Re: BouncyCastle cannot handle multiple handshake messages in a frame

Peter Dettman-3
I assume this is also PSK-related, in which case you need to
double-check the PSK configuration for both the openssl client and the
BC server. Mismatching values for the 'psk' is the most likely cause.

You don't give any details about what ciphersuite is negotiated, but if
you've somehow enabled/negotiated a ciphersuite using RSA_PSK key
exchange, then a bad_record_mac might also happen if the server RSA
encryption cert and private key don't match.

BC supports receiving multiple handshake messages in a single record,
but currently does not send more than one handshake message per record.
It is extremely unlikely this has anything to do with a bad_record_mac.

Regards,
Pete Dettman

On 3/5/19 10:28 pm, kiranmayi boyapati wrote:

> I am trying to test the Bouncy Castle TlsServer with an OpenSSL client.
>
> I always get a bad MAC error.
>
> But the connections are successfully established with the TLS test clients
> in the Bouncy Castle test packages.
>
> When I compare the handshake messages, the only difference I found is that
> the BC test clients send the Client Key Exchange, Change Cipher Spec and
> Encrypted Handshake messages in different frames.
>
> Whereas OpenSSL combines all 3 messages in one frame.
>
> Does Bouncy Castle support multiple TLS handshake messages in a single frame?
>
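
Added example, not part of the original thread and not BouncyCastle or OpenSSL code: a minimal Python parser for the TLS 1.2 record layer, showing that one buffer can carry several records and that one handshake record can carry several handshake messages, which is the case the reply says BC accepts. The sample bytes and the helper names `rec`, `hs` and `describe` are constructed for illustration; the first sample assumes the client flight from the question arrives as three records in one buffer.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {2: "server_hello", 14: "server_hello_done", 16: "client_key_exchange"}

def split_records(buf):
    """Split a buffer (e.g. one TCP segment) into (content_type, body) TLS records."""
    records, off = [], 0
    while off < len(buf):
        if len(buf) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", buf, off)
        body = buf[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, body))
        off += 5 + length
    return records

def split_handshake(body):
    """Split one plaintext handshake record into (msg_type, payload) messages."""
    msgs, off = [], 0
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated handshake header")
        mlen = int.from_bytes(body[off + 1:off + 4], "big")
        if off + 4 + mlen > len(body):
            raise ValueError("message continues in next record (not reassembled here)")
        msgs.append((body[off], body[off + 4:off + 4 + mlen]))
        off += 4 + mlen
    return msgs

def describe(buf):
    """Label every record/message in buf; after ChangeCipherSpec, bodies are ciphertext."""
    out, encrypted = [], False
    for ctype, body in split_records(buf):
        name = CONTENT.get(ctype, f"unknown({ctype})")
        if ctype == 22 and not encrypted:
            out += [f"handshake:{HANDSHAKE.get(t, t)}" for t, _ in split_handshake(body)]
        else:
            out.append(f"{name}:encrypted" if encrypted else name)
        encrypted = encrypted or ctype == 20
    return out

# Constructed sample bytes (not a real capture).
def rec(ctype, body): return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(mtype, payload): return bytes([mtype]) + len(payload).to_bytes(3, "big") + payload
CLIENT_FLIGHT = rec(22, hs(16, b"\x00\x06client")) + rec(20, b"\x01") + rec(22, bytes(40))
COALESCED = rec(22, hs(2, bytes(38)) + hs(14, b""))
```

The record after ChangeCipherSpec is the first one protected with the negotiated keys, so it is the first place a key mismatch between the two peers can show up as bad_record_mac.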