One can't change the encrypted finished size unless one is using variable padding. encrypted finished size depends on 3 parameters: protocol version, cipher type, MAC type, Protocol version decides if explicit IV is included in the record and unencrypted finished message size. For SSL3 and TLS1.0, there wouldn't be any explicit IV. For SSL3, unencrypted finished size would be of 40 bytes (4 (handshake header) + 16(MD5 hash)+20(SHA hash) ) and for other protocols it will be 16 bytes(4(handshake header) + 12 bytes(xor of MD5 and SHA1 hashes)) Cipher Type decides, if the data needs to be padded or not. If it is block cipher, there would be 1 block of must padding of block length(16 for AES, 8 for DES). It also decides explicit IV length. MAC(hash) type decides the length of the MAC tag that will be appended to the unencrypted data before padding. For TLS1.2, AES256-SHA/AES128-SHA, encrypted finished message consists of 16 byte explicit IV + 16 byte finished message + 20 byte hash + 16 byte must padding. so, it will be of 68 bytes. For DES-CBC3-SHA, it will be 8 byte explicit IV + 16 byte finished message + 20 byte hash + 8 byte must padding. i.e it will be 52 bytes. Thanks, Thulasi. On 11 December 2014 at 04:15, Vyas Pentakota <npentako at brocade.com> wrote: > Hi > > I am working on issue involving openssl TLS 1.2 finish message decryption. > I was wondering if anyone can tell me how I can generate ?encrypted > handshake message? (client finish message) record larger than 64 bytes > only using RSA AES256-SHA/ AES128-SHA/DES-CBC3-SHA. > > Your suggestion is greatly appreciated. > > Thank you > > Vyas > > > > _______________________________________________ > openssl-users mailing list > openssl-users at openssl.org > https://mta.opensslfoundation.net/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141211/1ee346e7/attachment.html>
